FINAL submitted 11 August.pdf (514.18 kB)
Employees’ behavior in phishing attacks: what individual, organizational and technological factors matter?
journal contribution
posted on 2023-06-09, 21:29 authored by Hamidreza Shahbaznezhad, Farzan Kolini, Mona Rashidirad

Phishing, as a social engineering attack, has become an increasing threat to organizations in cyberspace. To prevent this, a well-designed continuous security training and educational program needs to be established and enforced in organizations. Prior studies have focused on phishing attacks from a limited view of technology countermeasures, e-mail characteristics, information processing, and securing individuals' behaviors to tackle existing gaps. In this research, we developed a theoretical model of factors that influence users in clicking on phishing e-mails from a broader socio-technical perspective. We applied Protection Motivation Theory (PMT) and habit theory for investigating individual factors, and Theory of Planned Behavior (TPB) and Deterrence Theory for investigating organizational and technological factors, respectively. The findings revealed that habit and protective countermeasures positively affect clicking on phishing e-mails, whereas no effect of the procedural countermeasures was evident. The results of this study can be used to design phishing simulation exercises and embedded training for vulnerable employees.
History
Publication status
- Published
File Version
- Accepted version
Journal
Journal of Computer Information Systems
ISSN
0887-4417
Publisher
Taylor & Francis
External DOI
Page range
1-12
Department affiliated with
- Strategy and Marketing Publications
Full text available
- Yes
Peer reviewed?
- Yes
Legacy Posted Date
2020-09-02
First Open Access (FOA) Date
2021-10-30
First Compliant Deposit (FCD) Date
2020-09-02