Delegate the smartphone user? Security awareness in smartphone platforms
Smartphone users increasingly download and install third-party applications from official application repositories. Attackers may use this centralized application delivery architecture as a security and privacy attack vector. This risk increases since application...
The righteous mind: Why good people are divided by politics and religion (Chapter 7)
In chapter 7 of this book, Jonathan Haidt draws on economic and social psychological research to show how demonstrations of violations of care, fairness, loyalty, authority and sanctity can be used in different ways to promote both right-wing and left-wing political...
The effects of sanctions and stigmas on cyberloafing
This paper addresses the issue of cyberloafing, a widespread problem for many organizations. Some researchers propose a deterrence approach, using acceptable use policies for internet-based applications along with mechanisms to monitor employee internet usage and...
My profile is my password, verify me! The privacy/convenience tradeoff of Facebook Connect
We performed a laboratory experiment to study the privacy tradeoff offered by Facebook Connect: disclosing Facebook profile data to third-party websites for the convenience of logging in without creating separate accounts. We controlled for trustworthiness and amount...
Improving password cybersecurity through inexpensive and minimally invasive means: Detecting and deterring password reuse through keystroke-dynamics monitoring and just-in-time fear appeals
Password reuse – using the same password for multiple accounts – is a prevalent phenomenon that can make even the most secure systems vulnerable. When passwords are reused across multiple systems, hackers may compromise accounts by stealing passwords from low-security...
QRishing: The susceptibility of smartphone users to QR code phishing attacks
The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be scanned readily and parsed by consumer mobile...
Enemies within: Redefining the insider threat in organizational security policy
This article critically examines the insider threat in organizations in the context of electronic information exchanges. The current data loss threat model primarily focuses on the criminal outsider, often viewing the insider threat as 'outsiders by proxy'. This...
Using phishing to test social engineering awareness of financial employees
Social engineering is the biggest security threat to financial institutions because it exploits the weakest link in any security system: the human element. It is proposed here that combining specialized training on social engineering followed by repeated audit tests...
A study of user password strategy for multiple accounts
Despite advances in biometrics and other technologies, passwords remain the most commonly used means of authentication in computer systems. Users maintain different security levels for different passwords. In this study, we examine the degree of similarity among...
Targeted risk communication for computer security
Attacks on computer systems are rapidly becoming more numerous and more sophisticated, and current preventive techniques do not seem able to keep pace. Many successful attacks can be attributed to user errors: for example, while focused on other tasks, users may...
Nudging people away from privacy-invasive mobile apps through visual framing
Smartphone users visit application marketplaces (or app stores) to search and install applications. However, these app stores are not free from privacy-invasive apps, which collect personal information without sufficient disclosure or people’s consent. To nudge people...
Applying the theory of planned behaviour to predicting online safety behaviour
A widely promoted preventative measure against becoming a victim of cybercrime is the control of personal information online; however, little is known about what predicts the use of this type of protective safety behaviour. This study examines the utility of the...
Modifying smartphone user locking behavior
With an increasing number of organizations allowing personal smart phones onto their networks, considerable security risk is introduced. The security risk is exacerbated by the tremendous heterogeneity of the personal mobile devices and their respective installed pool...
A path way to successful management of individual intention to security compliance: A role of organizational security climate
While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with...
End user information security awareness programs for improving information security in banking organizations: Preliminary results from an exploratory study
The purpose of this research is to analyze information security awareness (ISA) programs and the measurement of ISA behavior in banking organizations. The underlying paper summarizes the qualitative and exploratory part of our two-staged mixed methods research on the...
A review of young people’s vulnerabilities to online grooming
According to this study: adolescents appear to be the age group most vulnerable to online grooming; parental involvement in a child's internet use protects against online grooming; and the more risk-taking behaviors a young person carries out, the more vulnerable they...
A study of social engineering in online frauds
Researchers analyse 200 scam emails in search of patterns, and find alert and account verification, urgency, potential monetary gain, business proposals and mentions of large, unclaimed funds are repeatedly used in scam emails.
A pilot study of cyber security and privacy related behavior and personality traits
This study examines the correlation between the Big Five personality traits (extraversion, agreeableness, openness, conscientiousness, and neuroticism) and email phishing response. It finds neuroticism to be most correlated with email phishing susceptibility.
Enhancing password security through interactive fear appeals: A web-based field experiment
Passwords remain the dominant authentication mechanism for information security. Unfortunately, research has shown that most passwords are highly insecure. Given the risks of using weak passwords, there is a need to effectively motivate users to select strong...
Employees’ information security awareness and behavior: A literature review
Today's organizations are highly dependent on information management and processes. Information security is one of the top issues for researchers and practitioners. In literature, there is consent that employees are the weakest link in IS security. A variety of...
Improving internet security through social information and social comparison: A field quasi-experiment
Cybersecurity is a national priority in this big data era. Because of negative externalities and the resulting lack of economic incentives, companies often underinvest in security controls, despite government and industry recommendations. Although many existing...