Search results

1 – 10 of 16
Article
Publication date: 9 April 2024

Ahmed Shehata and Metwaly Eldakar

Abstract

Purpose

Social engineering is crucial in today’s digital landscape. As technology advances, malicious individuals exploit human judgment and trust. This study explores how age, education and occupation affect individuals’ awareness, skills and perceptions of social engineering.

Design/methodology/approach

A quantitative research approach was used to survey a diverse demographic of Egyptian society. The survey was conducted in February 2023, and the participants were sourced from various Egyptian social media pages covering different topics. The collected data was analyzed using descriptive and inferential statistics, including independent samples t-test and ANOVA, to compare awareness and skills across different groups.

Findings

The study revealed that younger individuals and those with higher education tend to research social engineering more frequently. Males display a higher level of awareness but score lower in terms of social and psychological consequences as well as types of attacks when compared to females. The type of attack cannot be predicted based on age. Higher education is linked to greater awareness and ability to defend against attacks. Different occupations have varying levels of awareness, skills, and psychosocial consequences. The study emphasizes the importance of increasing awareness, education and implementing cybersecurity measures.

Originality/value

This study’s originality lies in its focus on diverse Egyptian demographics, innovative recruitment via social media, comprehensive exploration of variables, statistical rigor, practical insights for cybersecurity education and diversity in educational and occupational backgrounds.

Details

Library Hi Tech, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0737-8831

Article
Publication date: 20 March 2024

Binh Huu Nguyen and Huong Nguyen Quynh Le

Abstract

Purpose

This study aims to investigate the moderating role of sociodemographic factors, specifically age and education level, in the knowledge-attitude-behavior (KAB) model concerning information security awareness (ISA) amid growing technological threats.

Design/methodology/approach

This study uses a survey methodology, collecting data from 400 working individuals in Vietnam, to test the applicability of the KAB model and evaluate the moderating effects of age and education on the model’s established relationships. In addition, the theoretical model and hypotheses were evaluated using the partial least squares structural equation model (PLS-SEM) approach.

Findings

This research confirms the relationships posited in the KAB model. Notably, it shows that younger employees showcase a more positive attitude and behavior toward information security compared with their older counterparts. In addition, higher education levels strengthen the positive association between information security knowledge and attitude. The findings underscore the imperative for organizations to consider sociodemographic variables when formulating strategies to enhance ISA.

Originality/value

This study extends the KAB model by exploring the impact of sociodemographic factors, focusing on age and education in ISA. Overcoming the oversight in current literature, particularly in the context of technological threats, the research uses PLS-SEM and targets a specific demographic in Vietnam.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 10 October 2023

Stefano De Paoli and Jason Johnstone

Abstract

Purpose

This paper presents a qualitative study of penetration testing, the practice of attacking information systems to find security vulnerabilities and fixing them. The purpose of this paper is to understand whether and to what extent penetration testing can reveal various socio-organisational factors of information security in organisations. In doing so, the paper innovates theory by using Routine Activity Theory together with phenomenology of information systems concepts.

Design/methodology/approach

The articulation of Routine Activity Theory and phenomenology emerged inductively from the data analysis. The data consists of 24 qualitative interviews conducted with penetration testers, analysed with thematic analysis.

Findings

The starting assumption is that penetration testers are akin to offenders in a crime situation, dealing with targets and the absence of capable guardians. A key finding is that penetration testers described their targets as an installed base, highlighting how vulnerabilities, which make a target suitable, often emerge from properties of the existing built digital environments. This includes systems that are forgotten or lack ongoing maintenance. Moreover, penetration testers highlighted that although the testing is often predicated on planned methodologies, often they resort to serendipitous practices such as improvisation.

Originality/value

This paper contributes to theory, showing how Routine Activity Theory and phenomenological concepts can work together in the study of socio-organisational factors of information security. This contribution stems from considering that much research on information security focuses on the internal actions of organisations. The study of penetration testing as a proxy of real attacks allows novel insights into socio-organisational factors of information security in organisations.

Details

Information Technology & People, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0959-3845

Article
Publication date: 1 January 2024

Keshnee Padayachee

Abstract

Purpose

This investigation serves a dual purpose: providing preliminary results and serving as a pilot study to confirm the viability of the hypotheses advanced towards a full-scale study. This paper aims to present the preliminary findings of an investigation that explored the constructs of personality traits and situational crime prevention theory (SCPT) as antecedents to social cognitive determinants (attitude, perceived behavioural control and subjective norms using the theory of planned behaviour [TPB] framing) and how these elements subsequently estimate compliant information security behaviour. Moreover, this paper delves into the contrasting influences of light and dark personality traits on insider information security compliance.

Design/methodology/approach

A cross-sectional survey was conducted to study SCPT measures and the personality factors dyad using a diverse but limited sample (n = 82).

Findings

There were ten significant direct relationships between SCPT factors and personality traits related to the components of the TPB. Seventeen hypotheses were not supported. However, these findings highlight the complexity of the topic under study.

Practical implications

Understanding individual differences within the compliance model could be used for custom training protocols, employee selection, assignment and specific types of information security interventions.

Originality/value

There is a scarcity of studies considering the effects of situational and personality factors, specifically the dark versus light triad of personality traits within the information security domain. Therefore, this preliminary result provides early insight that could guide further studies. This research could have important implications for organisations at risk of insider attacks.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 17 January 2024

Raiswa Saha, Sakshi Ahlawat, Umair Akram, Uttara Jangbahadur, Amol S. Dhaigude, Pooja Sharma and Sarika Kumar

Abstract

Purpose

The study aims to examine the conceptualization of online abuse (OA) and identifies theories, countries of research, top-cited articles, methodologies, antecedents, mediators, outcomes and moderators of OA and future research opportunities. Two research questions are addressed. How have the past studies on OA progressed regarding theories, context, characteristics and methodology? What future research opportunities can be done in this area?

Design/methodology/approach

This study systematically reviews, synthesizes and integrates OA literature using the well-recommended preferred reporting items for systematic reviews and meta-analyses (PRISMA) rules. The literature on OA was synthesized based on the Theory–Context–Characteristics–Methodologies (TCCM) framework given by Paul and Rosado-Serrano.

Findings

Through an examination of TCCM used in OA research, the review presents an all-inclusive and up-to-date overview of the research in this arena and sets a future research agenda to spur scholarly research. This systematic literature review has analyzed top-quality sample papers, published in the past decade. As a result, it contributes to a better understanding of this relationship by analyzing the different types of use and the value added to the shopping experience.

Originality/value

This study provides groundwork for researchers and promotes a deeper understanding of OA.

Details

International Journal of Conflict Management, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 1044-4068

Article
Publication date: 1 March 2024

Joshua Nterful, Ibrahim Osman Adam, Muftawu Dzang Alhassan, Abdallah Abdul-Salam and Abubakar Gbambegu Umar

Abstract

Purpose

This paper aims to identify the critical success factors in improving information security in Ghanaian firms.

Design/methodology/approach

Through an exploratory study of both public and private Ghanaian organizations, the study relied on a research model based on the technology–organization–environment (TOE) framework and a survey instrument to collect data from 525 employees. The data was analyzed using partial least squares-structural equation modeling (PLS-SEM).

Findings

The findings confirm the role of the technological, organizational and environmental contexts as significant determinants in the implementation of information security in Ghanaian organizations. Results from PLS-SEM analysis demonstrated a positive correlation between the technology component of information security initiative, organization’s internal efforts toward its acceptance and a successful implementation of information security in Ghanaian firms. Top management support and fund allocation among others will result in positive information security initiatives and positive attitudes toward securing the organization’s information assets.

Research limitations/implications

The authors discussed the implications of the authors’ findings for research, practice and policy.

Social implications

The results of this study will be useful for both governmental and non-governmental organizations in terms of best practices for increasing information security. Results from this study will aid organizations in developing countries to better understand their information security needs and identify the necessary procedures to address them.

Originality/value

This study contributes to filling the knowledge gap in organizational information security research and the TOE framework. Despite the TOE framework being one of the most influential theories in contemporary research of information system domains in an organizational context, there is not enough research linking the domains of information security and the TOE model.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 17 January 2022

Yang Li, Jiaze Li, Qi Fan and Zhihong Wang

Abstract

Purpose

The teenager community is the most affected community by cybercrime in the COVID-19 era. Increasing social networks and facilitating teenager access to the Internet have increased the probability of cybercrimes. On the other hand, entertainment such as mobile and computer games is top-rated among teenagers. Teenagers' tendency to cybercrime may be influenced by individual, parent, social, economic and political factors. Studying the impact of social networks, mobile games and parents' religious attitudes on teenagers' tendency to cybercrimes in the COVID-19 era is the primary goal of this paper.

Design/methodology/approach

The outbreak of COVID-19 caused a considerable change in the world and the lifestyle of all people. Information and Communication Technology (ICT) was also affected by the special conditions of this virus. Changes in ICT and rapid access to it have empowered individuals and organizations, and people have increased civic participation and interaction through ICT. However, the outbreak of COVID-19 has created new challenges for the government and citizens and may cause new crimes. Cybercrime is a type of crime that occurs in a cyber environment. These crimes range from invasions of privacy to crimes in which the offender vaguely paralyzes the macroeconomy. In this research, 265 students of high schools and universities are used for collecting data by utilizing a survey. Measuring actions have been done in all surveys employing a Likert scale. The causal pattern is assessed through a constructional equation modeling procedure to study the scheme's validity and reliability.

Findings

The outcomes have indicated that social networks have no significant relationship with teenagers' tendency to cybercrimes in the COVID-19 era. Mobile games have a mild effect on teenagers' tendency to cybercrimes in the COVID-19 era, and parents' religious attitudes significantly impact teenagers' tendency to cybercrimes in the COVID-19 era.

Research limitations/implications

Current research also has some restrictions that must be noticed in assessing the outcomes. First, sample research was selected from high schools and universities in one city. So, the size of the model is small, and the generalization of results is limited. Second, this research may have ignored other variables that affect the tendency of teenagers to cybercrime. Future researchers intend to investigate the parents' upbringing system's impact on teenagers' trend to cybercrime in the COVID-19 era. Future research can also examine practical factors such as parental upbringing, attitudes toward technology development and virtual addiction in the COVID-19 era.

Originality/value

In this study, teenagers' tendency to cybercrimes in the COVID-19 era is investigated, and a procedure is applied depending on a practical occasion. This article's offered sample provides a perfect framework for influencing parents' social networks, mobile games and religious attitudes on teenagers' tendency to cybercrimes in the COVID-19 era.

Details

Kybernetes, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0368-492X

Article
Publication date: 1 March 2024

Mohan Thite and Ramanathan Iyer

Abstract

Purpose

Despite ongoing reports of insider-driven leakage of confidential data, both academic scholars and practitioners tend to focus on external threats and favour information technology (IT)-centric solutions to secure and strengthen their information security ecosystem. Unfortunately, they pay little attention to human resource management (HRM) solutions. This paper aims to address this gap and proposes an actionable human resource (HR)-centric and artificial intelligence (AI)-driven framework.

Design/methodology/approach

The paper highlights the dangers posed by insider threats and presents key findings from a Leximancer-based analysis of a rapid literature review on the role, nature and contribution of HRM for information security, especially in addressing insider threats. The study also discusses the limitations of these solutions and proposes an HR-in-the-loop model, driven by AI and machine learning to mitigate these limitations.

Findings

The paper argues that AI promises to offer many HRM-centric opportunities to fortify the information security architecture if used strategically and intelligently. The HR-in-the-loop model can ensure that the human factors are considered when designing information security solutions. By combining AI and machine learning with human expertise, this model can provide an effective and comprehensive approach to addressing insider threats.

Originality/value

The paper fills the research gap on the critical role of HR in securing and strengthening information security. It makes a further contribution in identifying the limitations of HRM solutions in info security and how AI and machine learning can be leveraged to address these limitations to some extent.

Details

Personnel Review, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 0048-3486

Article
Publication date: 3 April 2024

Tim Wright, Zainab Ruhwanya and Jacques Ophoff

Abstract

Purpose

The COVID-19 pandemic necessitated a significant shift in how employees executed their professional responsibilities. Concurrently, the incidence of cybercrime experienced a noteworthy surge due to the increased utilisation of cyberspace. The abrupt transition to telecommuting altered the interpersonal dynamics inherent in traditional work environments. This paper aims to examine the impact of interpersonal factors on the cybercrime preventative measures adopted by telecommuting employees.

Design/methodology/approach

A conceptual model, grounded in the Theory of Interpersonal Behaviour, is evaluated through an online survey. The data set comprises responses from 209 employees in South Africa, and the analysis uses partial least squares structural equation modelling.

Findings

The results reveal substantial predictive power to explain cybercrime preventative behaviours. Notably, the study underscores the significant influence of habit and affect on intention and subsequent behaviour.

Practical implications

The results suggest that practitioners should give due attention to emotional dimensions (affect) as a catalyst for information security behaviour. The formulation of employees’ information security responsibilities should be pragmatic, fostering subconscious compliance to establish routine behaviour (habit).

Originality/value

This research underscores the pivotal roles played by habit and emotions in shaping behavioural patterns related to information security. Furthermore, it provides researchers with an illustrative model for operationalising these constructs within the realm of security. The results contribute additional perspectives on the repercussions of the COVID-19 pandemic on cybercrime preventative behaviours.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 31 January 2024

Rufai Ahmad, Sotirios Terzis and Karen Renaud

Abstract

Purpose

This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing.

Design/methodology/approach

In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed.

Findings

The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs.

Originality/value

The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips.

Details

Information & Computer Security, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2056-4961
