Understanding the Role of Incentives in Security Behavior

Goel, Sanjay; Williams, Kevin J.; Huang, Jingyi; Warkentin, Merrill

doi:10.24251/hicss.2020.519

Cited by 6 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the view that just one click is needed in phishing susceptibility attack to achieve the adversary's goal, 167 participants, resulting in a 61.1% susceptibility rate, met the significant requirements. Other related phishing simulated studies have similar or lower participants [74,75]. This was confirmed with Pearson's correlation coefficient (−0.494, p-value = 0.00).…”

Section: Principal Findingssupporting

confidence: 73%

Investigation into Phishing Risk Behaviour among Healthcare Staff

et al. 2022

View full text Add to dashboard Cite

A phishing attack is one of the less complicated ways to circumvent sophisticated technical security measures. It is often used to exploit psychological (as as well as other) factors of human users to succeed in social engineering attacks including ransomware. Guided by the state-of-the-arts in a phishing simulation study in healthcare and after deeply assessing the ethical dilemmas, an SMSbased phishing simulation was conducted among healthcare workers in Ghana. The study adopted an in-the-wild study approach alongside quantitative and qualitative surveys. From the state-of-the art studies, the in-the-wild study approach was the most commonly used method as compared to laboratory-based experiments and statistical surveys because its findings are generally reliable and effective. The attack results also showed that 61% of the targeted healthcare staff were susceptible, and some of the healthcare staff were not victims of the attack because they prioritized patient care and were not susceptible to the simulated phishing attack. Through structural equation modelling, the workload was estimated to have a significant effect on self-efficacy risk (r = 0.5, p-value = 0.05) and work emergency predicted a perceived barrier in the reverse direction at a substantial level of r = −0.46, p-value = 0.00. Additionally, Pearson’s correlation showed that the perceived barrier was a predictor of self-reported security behaviour in phishing attacks among healthcare staff. As a result, various suggestions including an extra workload balancing layer of security controls in emergency departments and better security training were suggested to enhance staff’s conscious care behaviour.

show abstract

Section: Principal Findingssupporting

confidence: 73%