Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...
Online safety awareness and human factors: An application of the theory of human ecology
A zero-shot deep metric learning approach to Brain–Computer Interfaces for image retrieval
In this paper we propose a deep learning based approach for image retrieval using EEG. Our approach makes use of a multi-modal deep neural network based on metric learning, where the EEG signal from a user observing an image is mapped together with visual information extracted from the image. The inspiration behind this work is...
From awareness to influence: toward a model for improving employees’ security behaviour
This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...
About the Measuring of Information Security Awareness: A Systematic Literature Review
To make employees aware of their important role for information security, companies typically carry out security awareness campaigns. The success and effectiveness of those campaigns has to be measured to justify the budget for example. Therefore, we did a systematic literature review in order to learn how information security awareness (ISA) is measured in theory...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...
A systematic review of current cybersecurity training methods
Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes. There are many contradictory statements and findings with...
Developing a cyber security culture: Current practices and future needs
While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance. In this article, we aim to tackle this issue by conducting a state-of-the-art study into organisational cyber security...
Conceptualization of a cybersecurity awareness quiz
Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game Cyber-Security Awareness Quiz provides a quiz on recent variants to make employees aware of...
A pond full of phishing games – analysis of learning games for anti-phishing education
Game-based learning is a promising approach to anti-phishing education, as it fosters motivation and can help reduce the perceived difficulty of the educational material. Over the years, several prototypes for game-based applications have been proposed, that follow different approaches in content selection, presentation, and game mechanics. In this paper, a literature and product review of...
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Evaluating the awareness of security among users plays a critical role in safeguarding Industrial Control Systems (ICSs) against social engineering attacks. This study was conducted to assess the impact of cybersecurity awareness on the response to cybersecurity incidents within ICSs. Furthermore, this research has incorporated various measures and frameworks related to cybersecurity emergency response processes,...
Beyond cybersecurity tools: The increasing roles of human factors and cyber insurance in the survival of social media organizations
Cybersecurity tools are designed to safeguard an organization's systems and data by ensuring confidentiality, integrity, and availability in the face of cyber threats. Nevertheless, it's vital to recognize that these tools come with inherent limitations. Relying solely on them is insufficient for effectively managing the ever-evolving landscape of cyber risks. In this context, human resources...
Gamification of cyber security awareness training for phishing against university students
Users represent the primary source of cyber security breaches. Unfortunately, Cyber Security Awareness training often fails to capture their interest and is perceived as a secondary task, an impediment, or a distraction from their core responsibilities. This indifference poses a significant risk to organizations, as cyber security breaches collectively cost businesses billions annually. An effective...
Exploring how, why and in what contexts older adults are at risk of financial cybercrime victimization: A realist review
Despite infrequent reports from older individuals regarding their experiences as victims of financial cybercrime, there exists compelling evidence indicating that older online users face an elevated risk. This realist review was conducted to identify the factors contributing to the victimization of older adults and to evaluate the theory and supporting evidence for interventions aimed at...
Human errors: A cyber security concern and the weakest link to small businesses
Cybersecurity is a critical concern for organizations, particularly in the face of the ongoing global pandemic caused by Covid-19. The abrupt shift to remote work, often referred to as the 'new normal,' has introduced information security risks associated with human factors. This includes both malicious actors and employees using the same platforms for information exchange...
Oppositional human factors in cybersecurity: A preliminary analysis of affective states
The need for cyber defense research is growing as more cyber-attacks are directed at critical infrastructure and other sensitive networks. Traditionally, the focus has been on hardening system defenses. However, other techniques are being explored including cyber and psychological deception which aim to negatively impact the cognitive and emotional state of cyber attackers directly through...
Bridging the knowing-doing gap: the role of attitude in information security awareness
This study examined that gap between knowledge and behaviour, why employees wilfully omit, and the role of attitude in bridging that gap. The study was conducted as a web-administered survey using the Human Aspects of Information Security Questionnaire (HAIS-Q), to which 287 participants responded. The data was analysed using linear regression, Baron-Kenny mediation, and comparison...
Impacts of the Covid-19 pandemic on online security behaviour within the UK educational industry
In this research, the impact of the coronavirus pandemic on the security behaviour of academic businesses is uncovered. This is done by comparing the pre-pandemic annual cyber security survey with the peak and post-pandemic survey, i.e., 2019, 2020 and 2021 respectively. Findings from this research demonstrate that the pandemic brought about a rise in cyberattacks,...
Analysing security concerns about the massive increase of sharing data over the cloud during the pandemic of Covid-19
Technology plays a vital role to overcome some of the challenges caused by Covid-19. For example, adopting cloud computing during pandemic has become double to handle the highest accelerating of process data through the cloud. However, the sudden and heavy use of cloud computing alerts the attack of cyber security. Therefore, this adds a threat...
Utilising machine learning against email phishing to detect malicious emails
Phishing is an identity theft evasion strategy used in which consumers accept bogus emails from fraudulent accounts that claim to belong to a legal and real company in the effort to steal sensitive information of the client. This act places many users’ privacy at risk, and therefore researchers continue to work on identifying and improving...
Does psychological distance and religiosity influence fraudulent customer behavior?
This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....