1. Sarno DM, Black J. Who Gets Caught in the Web of Lies?: Understanding Susceptibility to Phishing Emails, Fake News Headlines, and Scam Text Messages. Human Factors 2024; 66:1742-1753. [PMID: 37127397] [DOI: 10.1177/00187208231173263]
Abstract
OBJECTIVE The present study investigated if the same users are vulnerable to phishing emails, scam text messages, and fake news headlines and if there are universal predictors of susceptibility for all three tasks. BACKGROUND Theoretical research provides support for the notion that the same users likely fall for multiple forms of online deception. However, no research has directly compared susceptibility for various online deceptions (e.g., phishing, disinformation, scam text messages) within the same group of users. METHOD Participants completed an online survey consisting of demographic questions, the Cognitive Reflection Test (i.e., impulsivity), and the Digital Literacy Scale, and classified 90 legitimate and deceptive emails, text messages, and news headlines. RESULTS Results suggest that individuals who struggle to discriminate between deceptive and legitimate stimuli on one task experience similar difficulties on the other two tasks. Additionally, while lower levels of digital literacy and cognitive reflectiveness predicted poorer discrimination abilities across all three tasks, age did not predict performance. Interestingly, participants appeared to be the most susceptible to phishing emails. CONCLUSION Overall, individuals who fall for one form of online deception appear to be more likely to fall for other forms of deception, and digital literacy and cognitive reflectiveness can predict widespread vulnerability to online deception. APPLICATION Organizations may be able to identify potential vulnerabilities for a variety of online attacks by measuring digital literacy, cognitive reflectiveness, and performance in one online deception task. Additionally, training interventions may be the most needed for phishing emails.
2. Guidetti OA, Speelman C, Bouhlas P. A review of cyber vigilance tasks for network defense. Frontiers in Neuroergonomics 2023; 4:1104873. [PMID: 38234467] [PMCID: PMC10790933] [DOI: 10.3389/fnrgo.2023.1104873]
Abstract
The capacity to sustain attention to virtual threat landscapes has led cyber security to emerge as a new and novel domain for vigilance research. However, unlike classic domains, such as driving and air traffic control and baggage security, very few vigilance tasks exist for the cyber security domain. Four essential challenges that must be overcome in the development of a modern, validated cyber vigilance task are extracted from this review of existent platforms that can be found in the literature. Firstly, it can be difficult for researchers to access confidential cyber security systems and personnel. Secondly, network defense is vastly more complex and difficult to emulate than classic vigilance domains such as driving. Thirdly, there exists no single, common software console in cyber security that a cyber vigilance task could be based on. Finally, the rapid pace of technological evolution in network defense correspondingly means that cyber vigilance tasks can become obsolete just as quickly. Understanding these challenges is imperative in advancing human factors research in cyber security.
CCS categories: Human-centered computing ~ Human computer interaction (HCI) ~ HCI design and evaluation methods.
Affiliation(s)
- Oliver Alfred Guidetti
- Edith Cowan University, Joondalup, WA, Australia
- Cyber Security Cooperative Research Centre, Perth, WA, Australia
- Experimental Psychology Unit, Perth, WA, Australia
- Craig Speelman
- Edith Cowan University, Joondalup, WA, Australia
- Experimental Psychology Unit, Perth, WA, Australia
- Peter Bouhlas
- Western Australian Department of the Premier and Cabinet, Perth, WA, Australia
3. Xu T, Singh K, Rajivan P. Personalized persuasion: Quantifying susceptibility to information exploitation in spear-phishing attacks. Applied Ergonomics 2023; 108:103908. [PMID: 36403509] [DOI: 10.1016/j.apergo.2022.103908]
Abstract
Many cyberattacks begin with a malicious email message, known as spear phishing, targeted at unsuspecting victims. Although security technologies have improved significantly in recent years, spear phishing continues to be successful due to the bespoke nature of such attacks. Crafting such emails requires attackers to conduct careful research about their victims and collect personal information about them and their acquaintances. Despite the widespread nature of spear-phishing attacks, little is understood about the human factors behind them. This is particularly the case when considering the role of attack personalization on end-user vulnerability. To study spear-phishing attacks in the laboratory, we developed a simulation environment called SpearSim that simulates the tasks involved in the generation and reception of spear-phishing messages. Using SpearSim, we conducted a laboratory experiment with human subjects to study the effect of information availability and information exploitation on end-user vulnerability. The results of the experiment show that end-users in the high information-availability condition were 2.97 times more vulnerable to spear-phishing attacks than those in the low information-availability condition. We found that access to more personal information about targets can result in attacks involving contextually meaningful impersonation and narratives. We discuss the implications of this research for the design of anti-phishing training solutions.
Affiliation(s)
- Tianhao Xu
- University of Washington, Department of Industrial and System Engineering, United States
- Kuldeep Singh
- The University of Texas at El Paso, Department of Computer Science, United States
- Prashanth Rajivan
- University of Washington, Department of Industrial and System Engineering, United States
4. Armstrong ME, Jones KS, Namin AS. How Perceptions of Caller Honesty Vary During Vishing Attacks That Include Highly Sensitive or Seemingly Innocuous Requests. Human Factors 2023; 65:275-287. [PMID: 33934614] [DOI: 10.1177/00187208211012818]
Abstract
OBJECTIVE To understand how aspects of vishing calls (phishing phone calls) influence perceived visher honesty. BACKGROUND Little is understood about how targeted individuals behave during vishing attacks. According to truth-default theory, people assume others are being honest until something triggers their suspicion. We investigated whether that was true during vishing attacks. METHODS Twenty-four participants read written descriptions of eight real-world vishing calls. Half included highly sensitive requests; the remainder included seemingly innocuous requests. Participants rated visher honesty at multiple points during conversations. RESULTS Participants initially perceived vishers to be honest. Honesty ratings decreased before requests occurred. Honesty ratings decreased further in response to highly sensitive requests, but not seemingly innocuous requests. Honesty ratings recovered somewhat, but only after highly sensitive requests. CONCLUSIONS The present results revealed five important insights: (1) people begin vishing conversations in the truth-default state, (2) certain aspects of vishing conversations serve as triggers, (3) other aspects of vishing conversations do not serve as triggers, (4) in certain situations, people's perceptions of visher honesty improve, and, more generally, (5) truth-default theory may be a useful tool for understanding how targeted individuals behave during vishing attacks. APPLICATION Those developing systems that help users deal with suspected vishing attacks or penetration testing plans should consider (1) targeted individuals' truth-bias, (2) the influence of visher demeanor on the likelihood of deception detection, (3) the influence of fabricated situations surrounding vishing requests on the likelihood of deception detection, and (4) targeted individuals' lack of concern about seemingly innocuous requests.
5. Ask TF, Kullman K, Sütterlin S, Knox BJ, Engel D, Lugo RG. A 3D mixed reality visualization of network topology and activity results in better dyadic cyber team communication and cyber situational awareness. Frontiers in Big Data 2023; 6:1042783. [PMID: 36777449] [PMCID: PMC9911685] [DOI: 10.3389/fdata.2023.1042783]
Abstract
Background Cyber defense decision-making during cyber threat situations is based on human-to-human communication aiming to establish a shared cyber situational awareness. Previous studies suggested that communication inefficiencies were among the biggest problems facing security operation center teams. There is a need for tools that allow for more efficient communication of cyber threat information between individuals both in education and during cyber threat situations. Methods In the present study, we compared how the visual representation of network topology and traffic in 3D mixed reality vs. 2D affected team performance in a sample of cyber cadets (N = 22) cooperating in dyads. Performance outcomes included network topology recognition, cyber situational awareness, confidence in judgements, experienced communication demands, observed verbal communication, and forced choice decision-making. The study utilized network data from the NATO CCDCOE 2022 Locked Shields cyber defense exercise. Results We found that participants using the 3D mixed reality visualization had better cyber situational awareness than participants in the 2D group. The 3D mixed reality group was generally more confident in their judgments except when performing worse than the 2D group on the topology recognition task (which favored the 2D condition). Participants in the 3D mixed reality group experienced less communication demands, and performed more verbal communication aimed at establishing a shared mental model and less communications discussing task resolution. Better communication was associated with better cyber situational awareness. There were no differences in decision-making between the groups. This could be due to cohort effects such as formal training or the modest sample size. Conclusion This is the first study comparing the effect of 3D mixed reality and 2D visualizations of network topology on dyadic cyber team communication and cyber situational awareness. Using 3D mixed reality visualizations resulted in better cyber situational awareness and team communication. The experiment should be repeated in a larger and more diverse sample to determine its potential effect on decision-making.
Affiliation(s)
- Torvald F. Ask
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway
- Faculty of Health, Welfare and Organization, Østfold University College, Halden, Norway
- Kaur Kullman
- Doctoral School of Information and Communication Technology, Institute of Computer Science, Tallinn University of Technology, Tallinn, Estonia
- Center for Space Sciences and Technology, University of Maryland, Baltimore County, Baltimore, MD, United States
- Stefan Sütterlin
- Faculty of Health, Welfare and Organization, Østfold University College, Halden, Norway
- Faculty of Computer Science, Albstadt-Sigmaringen University, Sigmaringen, Germany
- Centre for Digital Forensics and Cybersecurity, Tallinn University of Technology, Tallinn, Estonia
- Benjamin J. Knox
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway
- Faculty of Health, Welfare and Organization, Østfold University College, Halden, Norway
- Norwegian Armed Forces Cyber Defense, Oppland, Norway
- Don Engel
- Center for Space Sciences and Technology, University of Maryland, Baltimore County, Baltimore, MD, United States
- Ricardo G. Lugo
- Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway
- Faculty of Health, Welfare and Organization, Østfold University College, Halden, Norway
6. Sturman D, Valenzuela C, Plate O, Tanvir T, Auton JC, Bayl-Smith P, Wiggins MW. The role of cue utilization in the detection of phishing emails. Applied Ergonomics 2023; 106:103887. [PMID: 36037654] [DOI: 10.1016/j.apergo.2022.103887]
Abstract
This study was designed to examine the roles of cue utilization, phishing features and time pressure in the detection of phishing emails. During two experiments, participants completed an email sorting task containing both phishing and genuine emails. Participants were allocated to either a high or low time pressure condition. Performance was assessed via detection sensitivity and response bias. Participants were classified with either higher or lower cue utilization and completed a measure of phishing knowledge. When participants were blind to the nature of the study (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails. However, they also recorded a stronger bias towards classifying emails as phishing, compared to participants with lower cue utilization. When notified of phishing base rates prior to the email sorting task (N = 191), participants with higher cue utilization were better able to discriminate phishing from genuine emails without recording an increase in rate of false alarms, compared to participants with lower cue utilization. Sensitivity increased with a reduction in time pressure, while response bias was influenced by the number of phishing-related features in each email. The outcomes support the proposition that cue-based processing of critical features is associated with an increase in the capacity of individuals to discriminate phishing from genuine emails, above and beyond phishing-related knowledge. From an applied perspective, these outcomes suggest that cue-based training may be beneficial for improving detection of phishing emails.
Affiliation(s)
- Daniel Sturman
- School of Psychology, The University of Adelaide, Adelaide, SA, Australia.
- Chelsea Valenzuela
- School of Psychology, The University of Adelaide, Adelaide, SA, Australia
- Oliver Plate
- School of Psychology, The University of Adelaide, Adelaide, SA, Australia
- Tazin Tanvir
- School of Psychology, The University of Adelaide, Adelaide, SA, Australia
- Jaime C Auton
- School of Psychology, The University of Adelaide, Adelaide, SA, Australia
- Piers Bayl-Smith
- Department of Psychology, Macquarie University, Sydney, NSW, Australia
- Mark W Wiggins
- Department of Psychology, Macquarie University, Sydney, NSW, Australia
7. Chen J, Ge H, Li N, Proctor RW. What I Say Means What I Do: Risk Concerns and Mobile Application-Selection Behaviors. Human Factors 2022; 64:1331-1350. [PMID: 33861174] [DOI: 10.1177/00187208211004288]
Abstract
OBJECTIVE The goal of this study was to examine the relation between users' reported risk concerns and their choice behaviors in a mobile application (app) selection task. BACKGROUND Human users are typically regarded as the weakest link in cybersecurity and privacy protection; however, it is possible to leverage the users' predilections to increase security. There have been mixed results on the relation between users' self-reported privacy concerns and their behaviors. METHOD In three experiments, the timing of self-reported risk concerns was either a few weeks before the app-selection task (pre-screen), immediately before it (pre-task), or immediately after it (post-task). We also varied the availability and placement of clear definitions and quizzes to ensure users' understanding of the risk categories. RESULTS The post-task report significantly predicted the app-selection behaviors, consistent with prior findings. The pre-screen report was largely inconsistent with the reports implemented around the time of the task, indicating that participants' risk concerns may not be stable over time and across contexts. Moreover, the pre-task report strongly predicted the app-selection behaviors only when elaborated definitions and quizzes were placed before the pre-task question, indicating the importance of clear understanding of the risk categories. CONCLUSION Self-reported risk concerns may be unstable over time and across contexts. When explained with clear definitions, self-reported risk concerns obtained immediately before or after the app-selection task significantly predicted app-selection behaviors. APPLICATION We discuss implications for including personalized risk concerns during app selection that enable comparison of alternative mobile apps.
Affiliation(s)
- Jing Chen
- Old Dominion University, Norfolk, Virginia, USA
- Huangyi Ge
- Purdue University, West Lafayette, Indiana, USA
- Ninghui Li
- Purdue University, West Lafayette, Indiana, USA
8. Sarno DM, Neider MB. So Many Phish, So Little Time: Exploring Email Task Factors and Phishing Susceptibility. Human Factors 2022; 64:1379-1403. [PMID: 33835881] [DOI: 10.1177/0018720821999174]
Abstract
OBJECTIVE The present studies examine how task factors (e.g., email load, phishing prevalence) influence email performance. BACKGROUND Phishing emails are a paramount cybersecurity threat for the modern email user. Research attempting to understand how users are susceptible to phishing attacks has been limited and has not fully explored how task factors (e.g., prevalence, email load) influence accurate detection. METHOD In three experiments, participants classified emails as either legitimate or not legitimate and reported on a variety of other categorizations. The first two experiments examined how email load and phishing prevalence influence phishing detection independently. The third experiment examined the interaction of these two factors to determine whether they have compounding effects. All three experiments utilized individual difference variables to examine how cognitive, behavioral, and personality factors may influence classifications. RESULTS Experiment 1 suggests that high email load can make the task appear more challenging. Experiment 2 indicates that low phishing prevalence can decrease sensitivity for phishing emails. Experiment 3 demonstrates that high levels of email load can decrease classification accuracy under 50/50 prevalence rates. Notably, performance was poor across all experiments, with phishing detection near chance levels and low discriminability for emails. Participants demonstrated poor metacognition with overconfidence, low self-reported difficulty, and low perceived threat for the emails. CONCLUSION Overall, the present studies suggest that high email load and low phishing prevalence can influence email classifications. APPLICATION Organizations and researchers should consider the influences of both email load and phishing prevalence when implementing phishing interventions.
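Entries 6 and 8 above both report phishing-sorting performance as detection sensitivity and response bias (entry 8 also speaks of discriminability and of 50/50 prevalence) rather than as raw accuracy. The block below is an added worked example, not code or data from either study: it computes the standard equal-variance signal detection measures, d' = z(H) - z(F) and c = -[z(H) + z(F)]/2, from a participant's phishing/genuine classifications, with the usual loglinear correction so that perfect or zero rates stay finite. The two participants and every response in the block are constructed for illustration and reproduce only the qualitative pattern entry 6 describes (similar discrimination, a shift in bias once base rates are known); the numbers are not either study's results.

```python
"""Signal detection measures for an email sorting task (added example).

Scores a participant who labelled each email in a phishing/genuine sorting
task the way entries 6 and 8 report performance: sensitivity (d') measures
whether the participant can tell phish from genuine at all, response bias (c)
measures how readily they say "phishing". All records here are constructed
for illustration; they are not data from any cited study.
"""
from dataclasses import dataclass
from statistics import NormalDist

# z(p): inverse of the standard normal CDF (equal-variance Gaussian model).
_z = NormalDist().inv_cdf


@dataclass(frozen=True)
class SdtScore:
    hit_rate: float          # P(flagged | phishing)
    false_alarm_rate: float  # P(flagged | genuine)
    d_prime: float           # z(H) - z(F); 0 means chance discrimination
    criterion: float         # -(z(H) + z(F)) / 2; < 0 liberal, > 0 conservative


def sdt_from_counts(hits: int, misses: int,
                    false_alarms: int, correct_rejections: int) -> SdtScore:
    """d' and c from a 2x2 confusion table.

    Applies the loglinear correction (0.5 added to each hit and false-alarm
    count, 1 added to each trial count) so a rate of exactly 0 or 1 yields a
    finite z instead of +/- infinity, which would otherwise break d' on the
    small item sets typical of sorting tasks.
    """
    if min(hits, misses, false_alarms, correct_rejections) < 0:
        raise ValueError("counts must be non-negative")
    n_phish = hits + misses
    n_genuine = false_alarms + correct_rejections
    if n_phish == 0 or n_genuine == 0:
        raise ValueError("need at least one phishing and one genuine item")
    h = (hits + 0.5) / (n_phish + 1)
    f = (false_alarms + 0.5) / (n_genuine + 1)
    return SdtScore(h, f, _z(h) - _z(f), -(_z(h) + _z(f)) / 2)


def score_sorting_task(records) -> SdtScore:
    """Tally (is_phishing, flagged_as_phishing) pairs into a confusion table."""
    hits = misses = false_alarms = correct_rejections = 0
    for is_phish, flagged in records:
        if is_phish and flagged:
            hits += 1
        elif is_phish:
            misses += 1
        elif flagged:
            false_alarms += 1
        else:
            correct_rejections += 1
    return sdt_from_counts(hits, misses, false_alarms, correct_rejections)


def make_records(n_phish: int, hits: int, n_genuine: int, false_alarms: int):
    """Constructed responses: n_phish phishing items of which `hits` were
    flagged, n_genuine genuine items of which `false_alarms` were flagged."""
    phish = [(True, i < hits) for i in range(n_phish)]
    genuine = [(False, i < false_alarms) for i in range(n_genuine)]
    return phish + genuine


# Constructed participants on a 20 phishing / 20 genuine task (50/50 prevalence).
# "Blind" to the base rate: flags liberally, 16 hits but 8 false alarms.
BLIND = make_records(20, 16, 20, 8)
# Told the base rate: similar discrimination, far fewer false alarms.
INFORMED = make_records(20, 14, 20, 5)

if __name__ == "__main__":
    for name, recs in (("blind", BLIND), ("informed", INFORMED)):
        s = score_sorting_task(recs)
        print(f"{name:9s} H={s.hit_rate:.2f} F={s.false_alarm_rate:.2f} "
              f"d'={s.d_prime:.2f} c={s.criterion:+.2f}")
```

Run as a script it prints both constructed participants: d' is close for the two (about 1.03 and 1.13) while c moves from clearly negative (liberal, many false alarms) to near zero. In an internal phishing simulation, feeding real (is_phishing, reported) pairs to score_sorting_task separates a campaign that is genuinely harder to spot (lower d') from a reporting culture that has simply become stricter or looser (a shift in c), which accuracy alone conflates.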
9. Designing effective masking strategies for cyberdefense through human experimentation and cognitive models. Computers & Security 2022. [DOI: 10.1016/j.cose.2022.102671]
10. Aggarwal P, Moisan F, Gonzalez C, Dutt V. Learning About the Effects of Alert Uncertainty in Attack and Defend Decisions via Cognitive Modeling. Human Factors 2022; 64:343-358. [PMID: 32954818] [DOI: 10.1177/0018720820945425]
Abstract
OBJECTIVE We aim to learn about the cognitive mechanisms governing the decisions of attackers and defenders in cybersecurity involving intrusion detection systems (IDSs). BACKGROUND Prior research has experimentally studied the role of the presence and accuracy of IDS alerts on attacker's and defender's decisions using a game-theoretic approach. However, little is known about the cognitive mechanisms that govern these decisions. METHOD To investigate the cognitive mechanisms governing the attacker's and defender's decisions in the presence of IDSs of different accuracies, instance-based learning (IBL) models were developed. One model (NIDS) disregarded the IDS alerts and one model (IDS) considered them in the instance structure. Both the IDS and NIDS models were trained in an existing dataset where IDSs were either absent or present and they possessed different accuracies. The calibrated IDS model was tested in a newly collected test dataset where IDSs were present 50% of the time and they possessed different accuracies. RESULTS Both the IDS and NIDS models were able to account for human decisions in the training dataset, where IDS was absent or present and it possessed different accuracies. However, the IDS model could accurately predict the decision-making in only one of the several IDS accuracy conditions in the test dataset. CONCLUSIONS Cognitive models like IBL may provide some insights regarding the cognitive mechanisms governing the decisions of attackers and defenders in conditions not involving IDSs or IDSs of different accuracies. APPLICATION IBL models may be helpful for penetration testing exercises in scenarios involving IDSs of different accuracies.
Affiliation(s)
- Palvi Aggarwal
- Carnegie Mellon University, Pennsylvania, USA
- Varun Dutt
- Indian Institute of Technology Mandi, Himachal Pradesh, India
11. Caspi A, Sayag M, Gross M, Weinstein Z, Etgar S. The effects of personal values and message values on vulnerability to phishing. Personality and Individual Differences 2022. [DOI: 10.1016/j.paid.2021.111335]
12. Pawlicka A, Pawlicki M, Kozik R, Choraś RS. A Systematic Review of Recommender Systems and Their Applications in Cybersecurity. Sensors 2021; 21(15):5248. [PMID: 34372489] [PMCID: PMC8347790] [DOI: 10.3390/s21155248]
Abstract
This paper discusses the valuable role recommender systems may play in cybersecurity. First, a comprehensive presentation of recommender system types is presented, as well as their advantages and disadvantages, possible applications and security concerns. Then, the paper collects and presents the state of the art concerning the use of recommender systems in cybersecurity; both the existing solutions and future ideas are presented. The contribution of this paper is two-fold: to date, to the best of our knowledge, there has been no work collecting the applications of recommenders for cybersecurity. Moreover, this paper attempts to complete a comprehensive survey of recommender types, after noticing that other works usually mention two–three types at once and neglect the others.
Affiliation(s)
- Aleksandra Pawlicka
- ITTI Sp. z o.o., Rubież 46, 61-612 Poznań, Poland
- Marek Pawlicki
- ITTI Sp. z o.o., Rubież 46, 61-612 Poznań, Poland
- Rafał Kozik
- ITTI Sp. z o.o., Rubież 46, 61-612 Poznań, Poland
- Ryszard S. Choraś
- Institute of Telecommunications and Computer Sciences, UTP University of Science and Technology, 85-796 Bydgoszcz, Poland
13. Nifakos S, Chandramouli K, Nikolaou CK, Papachristou P, Koch S, Panaousis E, Bonacina S. Influence of Human Factors on Cyber Security within Healthcare Organisations: A Systematic Review. Sensors 2021; 21(15):5119. [PMID: 34372354] [PMCID: PMC8348467] [DOI: 10.3390/s21155119]
Abstract
Background: Cybersecurity is increasingly becoming a prominent concern among healthcare providers in adopting digital technologies for improving the quality of care delivered to patients. The recent reports on cyber attacks, such as ransomware and WannaCry, have brought to life the destructive nature of such attacks upon healthcare. In complement to cyberattacks, which have been targeted against the vulnerabilities of information technology (IT) infrastructures, a new form of cyber attack aims to exploit human vulnerabilities; such attacks are categorised as social engineering attacks. Following an increase in the frequency and ingenuity of attacks launched against hospitals and clinical environments with the intention of causing service disruption, there is a strong need to study the level of awareness programmes and training activities offered to the staff by healthcare organisations. Objective: The objective of this systematic review is to identify commonly encountered factors that affect the cybersecurity postures of a healthcare organisation, resulting from the ignorance of cyber threat to healthcare. The systematic review aims to consolidate the current literature being reported upon human behaviour resulting in security gaps that mitigate the cyber defence strategy adopted by healthcare organisations. Additionally, the paper also reviews the organisational risk assessment methodology implemented and the policies being adopted to strengthen cybersecurity. Methods: The topic of cybersecurity within healthcare and the clinical environment has attracted the interest of several researchers, resulting in a broad range of literature. The inclusion criteria for the articles in the review stem from the scope of the five research questions identified. To this end, we conducted seven search queries across three repositories, namely (i) PubMed/MEDLINE; (ii) Cumulative Index to Nursing and Allied Health Literature (CINAHL); and (iii) Web of Science (WoS), using key words related to cybersecurity awareness, training, organisation risk assessment methodologies, policies and recommendations adopted as counter measures within health care. These were restricted to around the last 12 years. Results: A total of 70 articles were selected to be included in the review, which addresses the complexity of cybersecurity measures adopted within the healthcare and clinical environments. The articles included in the review highlight the evolving nature of cybersecurity threats stemming from exploiting IT infrastructures to more advanced attacks launched with the intent of exploiting human vulnerability. A steady increase in the literature on the threat of phishing attacks evidences the growing threat of social engineering attacks. As a countermeasure, through the review, we identified articles that provide methodologies resulting from case studies to promote cybersecurity awareness among stakeholders. The articles included highlight the need to adopt cyber hygiene practices among healthcare professionals while accessing social media platforms, which forms an ideal test bed for the attackers to gain insight into the life of healthcare professionals. Additionally, the review also includes articles that present strategies adopted by healthcare organisations in countering the impact of social engineering attacks. The evaluation of the cybersecurity risk assessment of an organisation is another key area of study reported in the literature that recommends the organisation of European and international standards in countering social engineering attacks. Lastly, the review includes articles reporting on national case studies with an overview of the economic and societal impact of service disruptions encountered due to cyberattacks. Discussion: One of the limitations of the review is the subjective ranking of the authors associated to the relevance of literature to each of the research questions identified. We also acknowledge the limited amount of literature that focuses on human factors of cybersecurity in health care in general; therefore, the search queries were formulated using well-established cybersecurity related topics categorised according to the threats, risk assessment and organisational strategies reported in the literature.
Affiliation(s)
- Sokratis Nifakos
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden
- Correspondence: Tel.: +46-73-7121-475
- Krishna Chandramouli
- School of Electronic Engineering and Computer Science, Queen Mary University of London, London E1 4NS, UK
- Panagiotis Papachristou
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden
- Sabine Koch
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden
- Emmanouil Panaousis
- School of Computing and Mathematical Sciences, University of Greenwich, London SE10 9LS, UK
- Stefano Bonacina
- Department of Learning, Informatics, Management and Ethics, Karolinska Institutet, 171 77 Solna, Sweden
14. Monteith S, Bauer M, Alda M, Geddes J, Whybrow PC, Glenn T. Increasing Cybercrime Since the Pandemic: Concerns for Psychiatry. Current Psychiatry Reports 2021; 23:18. [PMID: 33660091] [PMCID: PMC7927777] [DOI: 10.1007/s11920-021-01228-w]
Abstract
PURPOSE OF REVIEW Since the pandemic, the daily activities of many people occur at home. People connect to the Internet for work, school, shopping, entertainment, and doctor visits, including psychiatrists. Concurrently, cybercrime has surged worldwide. This narrative review examines the changing use of technology, societal impacts of the pandemic, how cybercrime is evolving, individual vulnerabilities to cybercrime, and special concerns for those with mental illness. RECENT FINDINGS Human factors are a central component of cybersecurity as individual behaviors, personality traits, online activities, and attitudes to technology impact vulnerability. Mental illness may increase vulnerability to cybercrime. The risks of cybercrime should be recognized as victims experience long-term psychological and financial consequences. Patients with mental illness may not be aware of the dangers of cybercrime, of risky online behaviors, or the measures to mitigate risk. Technology provides powerful tools for psychiatry but technology must be used with the appropriate safety measures. Psychiatrists should be aware of the potential aftermath of cybercrime on mental health, and the increased patient risk since the pandemic, including from online mental health services. As a first step to increase patient awareness of cybercrime, psychiatrists should provide a recommended list of trusted sources that educate consumers on cybersecurity.
Affiliation(s)
- Scott Monteith
- Michigan State University College of Human Medicine, Traverse City Campus, 1400 Medical Campus Drive, Traverse City, MI, 49684, USA.
- Michael Bauer
- Department of Psychiatry and Psychotherapy, University Hospital Carl Gustav Carus Medical Faculty, Technische Universität Dresden, Dresden, Germany
- Martin Alda
- Department of Psychiatry, Dalhousie University, Halifax, Nova Scotia, Canada
- John Geddes
- Department of Psychiatry, Warneford Hospital, University of Oxford, Oxford, UK
- Peter C Whybrow
- Department of Psychiatry and Biobehavioral Sciences, Semel Institute for Neuroscience and Human Behavior, University of California Los Angeles (UCLA), Los Angeles, CA, USA
- Tasha Glenn
- ChronoRecord Association, Fullerton, CA, USA
15
Montañez R, Golob E, Xu S. Human Cognition Through the Lens of Social Engineering Cyberattacks. Front Psychol 2020; 11:1755. [PMID: 33101096 PMCID: PMC7554349 DOI: 10.3389/fpsyg.2020.01755] [Citation(s) in RCA: 14] [Impact Index Per Article: 3.5] [Received: 01/19/2020] [Accepted: 06/25/2020] [Indexed: 11/13/2022] Open
Abstract
Social engineering cyberattacks are a major threat because they often prelude sophisticated and devastating cyberattacks. Social engineering cyberattacks are a kind of psychological attack that exploits weaknesses in human cognitive functions. Adequate defense against social engineering cyberattacks requires a deeper understanding of what aspects of human cognition are exploited by these cyberattacks, why humans are susceptible to these cyberattacks, and how we can minimize or at least mitigate their damage. These questions have received some amount of attention, but the state-of-the-art understanding is superficial and scattered in the literature. In this paper, we review human cognition through the lens of social engineering cyberattacks. Then, we propose an extended framework of human cognitive functions to accommodate social engineering cyberattacks. We cast existing studies on various aspects of social engineering cyberattacks into the extended framework, while drawing a number of insights that represent the current understanding and shed light on future research directions. The extended framework might inspire future research endeavor toward a new sub-field that can be called Cybersecurity Cognitive Psychology, which tailors or adapts principles of Cognitive Psychology to the cybersecurity domain while embracing new notions and concepts that are unique to the cybersecurity domain.
Affiliation(s)
- Rosana Montañez
- Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, United States
- Edward Golob
- Department of Psychology, University of Texas at San Antonio, San Antonio, TX, United States
- Shouhuai Xu
- Department of Computer Science, University of Texas at San Antonio, San Antonio, TX, United States
16
Sarno DM, Lewis JE, Bohil CJ, Neider MB. Which Phish Is on the Hook? Phishing Vulnerability for Older Versus Younger Adults. HUMAN FACTORS 2020; 62:704-717. [PMID: 31237787 DOI: 10.1177/0018720819855570] [Citation(s) in RCA: 5] [Impact Index Per Article: 1.3] [Indexed: 06/09/2023]
Abstract
OBJECTIVE To determine if there are age-related differences in phishing vulnerability and if those differences exist under various task conditions (e.g., framing and time pressure). BACKGROUND Previous research suggests that older adults may be a vulnerable population to phishing attacks. Most research exploring age differences has used limiting designs, including retrospective self-report measures and restricted email sets. METHOD The present studies explored how older and younger adults classify a diverse sample of 100 legitimate and phishing emails. In Experiment 1, participants rated the emails as either spam or not spam. Experiment 2 explored how framing would alter the results when participants rated emails as safe or not safe. In Experiment 3, participants performed the same task as Experiment 1, but were put under time pressure. RESULTS No age differences were observed in overall classification accuracy across the three experiments, rather all participants exhibited poor performance (20%-30% errors). Older adults took significantly longer to make classifications and were more liberal in classifying emails as spam or not safe. Time pressure seemed to remove this bias but did not influence overall accuracy. CONCLUSION Older adults appear to be more cautious when classifying emails. However, being extra careful may come at the cost of classification speed and does not seem to improve accuracy. APPLICATION Age demographics should be considered in the implementation of a cyber-training methodology. Younger adults may be less vigilant against cyber threats than initially predicted; older adults might be less prone to deception when given unlimited time to respond.
Affiliation(s)
- Dawn M Sarno
- University of Central Florida, Orlando, USA
17
Neigel AR, Claypoole VL, Waldfogle GE, Acharya S, Hancock GM. Holistic cyber hygiene education: Accounting for the human factors. Comput Secur 2020. [DOI: 10.1016/j.cose.2020.101731] [Citation(s) in RCA: 14] [Impact Index Per Article: 3.5] [Indexed: 11/25/2022]
18
Singh K, Aggarwal P, Rajivan P, Gonzalez C. Training to Detect Phishing Emails: Effects of the Frequency of Experienced Phishing Emails. ACTA ACUST UNITED AC 2019. [DOI: 10.1177/1071181319631355] [Citation(s) in RCA: 13] [Impact Index Per Article: 2.6] [Indexed: 11/15/2022]
Abstract
We studied people's success on the detection of phishing emails after they were trained under one of three phishing frequency conditions, where the proportion of phishing emails during training varied as: low frequency (25% phishing emails), medium frequency (50% phishing emails) and high frequency (75% phishing emails). Individual base susceptibility to phishing emails was measured in a pre-training phase in which 20% of the emails were phishing; this performance was then compared to a post-training phase in which participants aimed at detecting new rare phishing emails (20% were phishing emails). The hit rates, false alarm rates, sensitivities and response criterion were analyzed. Results revealed that participants receiving a higher frequency of phishing emails had a higher hit rate but also a higher false alarm rate at detecting phishing emails at post-training compared to participants encountering lower frequency levels during training. These results have implications for designing new training protocols for improving detection of phishing emails.
Affiliation(s)
- Kuldeep Singh
- Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, USA
- Palvi Aggarwal
- Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, USA
- Prashanth Rajivan
- Department of Industrial and Systems Engineering, University of Washington, Seattle, WA
- Cleotilde Gonzalez
- Dynamic Decision Making Laboratory, Carnegie Mellon University, Pittsburgh, USA
19
Neigel AR, Claypoole VL, Smith SL, Waldfogle GE, Fraulini NW, Hancock GM, Helton WS, Szalma JL. Engaging the human operator: a review of the theoretical support for the vigilance decrement and a discussion of practical applications. THEORETICAL ISSUES IN ERGONOMICS SCIENCE 2019. [DOI: 10.1080/1463922x.2019.1682712] [Citation(s) in RCA: 8] [Impact Index Per Article: 1.6] [Indexed: 10/25/2022]
Affiliation(s)
- Alexis R. Neigel
- Performance Research Laboratory, University of Central Florida, Orlando, Florida, USA
- Victoria L. Claypoole
- Performance Research Laboratory, University of Central Florida, Orlando, Florida, USA
- Samantha L. Smith
- National Research Council Research Associateship Program, Dayton, Ohio, USA
- Grace E. Waldfogle
- Performance Research Laboratory, University of Central Florida, Orlando, Florida, USA
- Nicholas W. Fraulini
- Performance Research Laboratory, University of Central Florida, Orlando, Florida, USA
- Gabriella M. Hancock
- Stress & Technology Applied Research (STAR) Laboratory, California State University – Long Beach, Long Beach, California, USA
- James L. Szalma
- Performance Research Laboratory, University of Central Florida, Orlando, Florida, USA
20
Linkov V, Zámečník P, Havlíčková D, Pai CW. Human Factors in the Cybersecurity of Autonomous Vehicles: Trends in Current Research. Front Psychol 2019; 10:995. [PMID: 31130903 PMCID: PMC6509749 DOI: 10.3389/fpsyg.2019.00995] [Citation(s) in RCA: 23] [Impact Index Per Article: 4.6] [Received: 12/14/2018] [Accepted: 04/15/2019] [Indexed: 11/13/2022] Open
Abstract
The cybersecurity of autonomous vehicles (AVs) is an important emerging area of research in traffic safety. Because human failure is the most common reason for a successful cyberattack, human-factor researchers and psychologists might improve AV cybersecurity by researching how to decrease the probability of a successful attack. We review some areas of research connected to the human factor in cybersecurity and find many potential issues. Psychologists might research the characteristics of people prone to cybersecurity failure, the types of scenarios they fail in and the factors that influence this failure or over-trust of AVs. Human behavior during a cyberattack might be researched, as well as how to educate people about cybersecurity. Multitasking has an effect on the ability to defend against a cyberattack and research is needed to set the appropriate policy. Human-resource researchers might investigate the skills required for personnel working in AV cybersecurity and how to detect potential defectors early. The psychological profile of cyber attackers should be investigated to be able to set policies to decrease their motivation. Finally, the decrease of drivers' driving skills as a result of using AVs and its connection to cybersecurity skills is also worthy of research.
Affiliation(s)
- Václav Linkov
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
- Petr Zámečník
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
- Darina Havlíčková
- Department of Traffic Psychology, CDV – Transport Research Centre, Brno, Czechia
- Chih-Wei Pai
- Graduate Institute of Injury Prevention and Control, College of Public Health, Taipei Medical University, Taipei, Taiwan
21
Hancock PA. Neuroergonomics: Where the Cortex Hits the Concrete. Front Hum Neurosci 2019; 13:115. [PMID: 31031608 PMCID: PMC6474394 DOI: 10.3389/fnhum.2019.00115] [Citation(s) in RCA: 7] [Impact Index Per Article: 1.4] [Received: 12/28/2018] [Accepted: 03/14/2019] [Indexed: 11/13/2022] Open
Affiliation(s)
- P. A. Hancock
- Department of Psychology, Institute for Simulation and Training, University of Central, Orlando, FL, United States