Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks

Dezhi Wu; Jun Zhang; Nicholas Brown; Paul Benjamin Lowry; Gregory Moody

Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks

Dezhi Wu, Jun Zhang, Nicholas Brown, Paul Benjamin Lowry, Gregory Moody

Department of Human Centred Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

Abstract

The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To onboard and train employees, companies are left with mainly virtual means to deliver SETA training, using two common training approaches: rule-based and mindfulness. Employees are also facing more challenges and distractions at home where practicing rules and mindfulness can become particularly difficult. Drawing on inoculation theory, this study proposes a new training approach to promote higher resiliency and “umbrella protection” against increasing phishing attacks. This study plans to conduct a mobile phishing SETA training field study at an organization to empirically examine the efficacy of the proposed inoculation-based security training method for work-from-home scenarios.

Original language	English
Title of host publication	Annual Pre-ICIS Workshop on HCI Research in MIS 2020
Editors	Constantinos K. Coursaris, Gregory D. Moody, Brian Dunn, Mark Grimes, Chee-Wee Tan
Place of Publication	Atlanta Georgia USA
Publisher	Association for Information Systems
Number of pages	5
Publication status	Published - 2020
Event	Annual Pre-ICIS Workshop on HCI Research in MIS 2020 - Online, United States of America Duration: 12 Dec 2020 → 12 Dec 2020 Conference number: 19th https://aisel.aisnet.org/sighci2020/ (Proceedings) https://sighci.org/conferences/2020-pre-icis-workshop/ (Website)

Conference

Conference	Annual Pre-ICIS Workshop on HCI Research in MIS 2020
Abbreviated title	HCI/MIS Workshop 2020
Country/Territory	United States of America
Period	12/12/20 → 12/12/20
Internet address	https://aisel.aisnet.org/sighci2020/ (Proceedings) https://sighci.org/conferences/2020-pre-icis-workshop/ (Website)

Access to Document

709977830-oaFinal published version, 318 KB

https://aisel.aisnet.org/sighci2020/7

Cite this

Wu, D., Zhang, J., Brown, N., Lowry, P. B., & Moody, G. (2020). Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks. In C. K. Coursaris, G. D. Moody, B. Dunn, M. Grimes, & C.-W. Tan (Eds.), Annual Pre-ICIS Workshop on HCI Research in MIS 2020 Association for Information Systems. https://aisel.aisnet.org/sighci2020/7

Wu, Dezhi ; Zhang, Jun ; Brown, Nicholas et al. / Patching The “Human” in Information Security : Using the Inoculation Defense to Confer Resistance Against Phishing Attacks. Annual Pre-ICIS Workshop on HCI Research in MIS 2020. editor / Constantinos K. Coursaris ; Gregory D. Moody ; Brian Dunn ; Mark Grimes ; Chee-Wee Tan. Atlanta Georgia USA : Association for Information Systems, 2020.

@inproceedings{42410d28a21c411db3e0ad731aa31dd7,

title = "Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks",

abstract = "The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To onboard and train employees, companies are left with mainly virtual means to deliver SETA training, using two common training approaches: rule-based and mindfulness. Employees are also facing more challenges and distractions at home where practicing rules and mindfulness can become particularly difficult. Drawing on inoculation theory, this study proposes a new training approach to promote higher resiliency and “umbrella protection” against increasing phishing attacks. This study plans to conduct a mobile phishing SETA training field study at an organization to empirically examine the efficacy of the proposed inoculation-based security training method for work-from-home scenarios.",

author = "Dezhi Wu and Jun Zhang and Nicholas Brown and Lowry, \{Paul Benjamin\} and Gregory Moody",

year = "2020",

language = "English",

editor = "\{K. Coursaris\}, Constantinos and \{D. Moody\}, Gregory and Brian Dunn and Mark Grimes and Chee-Wee Tan",

booktitle = "Annual Pre-ICIS Workshop on HCI Research in MIS 2020",

publisher = "Association for Information Systems",

address = "United States of America",

note = "Annual Pre-ICIS Workshop on HCI Research in MIS 2020, HCI/MIS Workshop 2020 ; Conference date: 12-12-2020 Through 12-12-2020",

url = "https://aisel.aisnet.org/sighci2020/, https://sighci.org/conferences/2020-pre-icis-workshop/",

}

Wu, D, Zhang, J, Brown, N, Lowry, PB & Moody, G 2020, Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks. in C K. Coursaris, G D. Moody, B Dunn, M Grimes & C-W Tan (eds), Annual Pre-ICIS Workshop on HCI Research in MIS 2020. Association for Information Systems, Atlanta Georgia USA, Annual Pre-ICIS Workshop on HCI Research in MIS 2020, United States of America, 12/12/20. <https://aisel.aisnet.org/sighci2020/7>

Patching The “Human” in Information Security: Using the Inoculation Defense to Confer Resistance Against Phishing Attacks. / Wu, Dezhi; Zhang, Jun; Brown, Nicholas et al.
Annual Pre-ICIS Workshop on HCI Research in MIS 2020. ed. / Constantinos K. Coursaris; Gregory D. Moody; Brian Dunn; Mark Grimes; Chee-Wee Tan. Atlanta Georgia USA: Association for Information Systems, 2020.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Patching The “Human” in Information Security

T2 - Annual Pre-ICIS Workshop on HCI Research in MIS 2020

AU - Wu, Dezhi

AU - Zhang, Jun

AU - Brown, Nicholas

AU - Lowry, Paul Benjamin

AU - Moody, Gregory

N1 - Conference code: 19th

PY - 2020

Y1 - 2020

N2 - The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To onboard and train employees, companies are left with mainly virtual means to deliver SETA training, using two common training approaches: rule-based and mindfulness. Employees are also facing more challenges and distractions at home where practicing rules and mindfulness can become particularly difficult. Drawing on inoculation theory, this study proposes a new training approach to promote higher resiliency and “umbrella protection” against increasing phishing attacks. This study plans to conduct a mobile phishing SETA training field study at an organization to empirically examine the efficacy of the proposed inoculation-based security training method for work-from-home scenarios.

AB - The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To onboard and train employees, companies are left with mainly virtual means to deliver SETA training, using two common training approaches: rule-based and mindfulness. Employees are also facing more challenges and distractions at home where practicing rules and mindfulness can become particularly difficult. Drawing on inoculation theory, this study proposes a new training approach to promote higher resiliency and “umbrella protection” against increasing phishing attacks. This study plans to conduct a mobile phishing SETA training field study at an organization to empirically examine the efficacy of the proposed inoculation-based security training method for work-from-home scenarios.

M3 - Conference Paper

BT - Annual Pre-ICIS Workshop on HCI Research in MIS 2020

A2 - K. Coursaris, Constantinos

A2 - D. Moody, Gregory

A2 - Dunn, Brian

A2 - Grimes, Mark

A2 - Tan, Chee-Wee

PB - Association for Information Systems

CY - Atlanta Georgia USA

Y2 - 12 December 2020 through 12 December 2020

ER -