ǂThe ǂimpact of formal and informal organizational norms on susceptibility to phishing
combining survey and field experiment data
Povzetek
Phishing is one of the most common forms of social engineering that exploits human vulnerabilities and causes immense personal and organizational costs. This study advances the research on the factors of susceptibility to phishing in three regards. First, it addressed the role of organizational norms in susceptibility to phishing. Second, it aimed for high external and ecological validity by combining survey and phishing experiments data on large samples of organizations and their employees. Third, it employed a two-level design that considered explanatory variables at the individual and organizational levels. The study chiefly explored how formal, descriptive, injunctive, and personal norms influence employee interactions with phishing emails. To this end, an explanatory model was tested on 83,269 employees in 510 organizations using a multilevel modeling approach. Clicking on links in simulated phishing emails and entering personal information in simulated fraudulent websites were deemed as two types of susceptibility to phishing. Formal norms and collectively shared injunctive norms were found to exert the strongest effects on susceptibility to phishing; in contrast, personal norms exert a weak influence, and descriptive norms can result in a boomerang effect. These results have significant theoretical and practical implications for both researchers and managers seeking organizational-level mechanisms to reduce the threat of phishing emails.
Ključne besede
information security;norms;human factors;social engineering;
Podatki
| Jezik: | Angleški jezik |
|---|---|
| Leto izida: | 2022 |
| Tipologija: | 1.01 - Izvirni znanstveni članek |
| Organizacija: | UL FDV - Fakulteta za družbene vede |
| UDK: | 005.7:004.738.5:343.52 |
| COBISS: |
106109699
|
| ISSN: | 1879-324X |
| Št. ogledov: | 86 |
| Št. prenosov: | 40 |
| Ocena: | 0 (0 glasov) |
| Metapodatki: |
|
Ostali podatki
| Sekundarni jezik: | Slovenski jezik |
|---|---|
| Sekundarne ključne besede: | Informacijsko-komunikacijska tehnologija;Varnost;Phishing prevare;Organizacijsko vedenje; |
| Vrsta dela (COBISS): | Članek v reviji |
| Strani: | str. 1-15 |
| Zvezek: | ǂVol. ǂ67 |
| Čas izdaje: | Feb. 2022 |
| DOI: | 10.1016/j.tele.2021.101766 |
| ID: | 15155065 |
Priporočena dela:
ǂThe ǂimpact of formal and informal organizational norms on susceptibility to phishing
2022,
combining survey and field experiment data
Oskrba starejših na daljavo
2021,
diplomsko delo
Usposabljanje učiteljev za uporabo informacijsko-komunikacijske tehnologije
2005,
ni podatka o podnaslovu
Prizadevanja za izboljšanje računalniške pismenosti
2006,
ni podatka o podnaslovu
Uporaba videokonference pri pouku angleščine v osnovni šoli
2016,
magistrsko delo