网络钓鱼
工作组
欺骗
背景(考古学)
互联网隐私
信息安全
计算机安全
知识管理
计算机科学
心理学
社会心理学
万维网
互联网
古生物学
生物
计算机网络
作者
Ryan Wright,Steven L. Johnson,Brent Kitchens
标识
DOI:10.25300/misq/2022/16625
摘要
Despite widespread awareness of risks, significant investments in cybersecurity protection, and substantial economic incentives to avoid security breaches, organizations remain vulnerable to phishing attacks. Phishing research has informed effective practical interventions to address phishing susceptibility that emphasize the importance of broadly applicable IT security knowledge. Yet employees still frequently fall victim to phishing attempts. To help understand why, we conceptualize phishing susceptibility as the failure to differentiate between deceptive and legitimate information processing requests that occur within the context of an employee’s typical job responsibilities. We apply this contextual lens to identify characteristics of knowledge workers’ organizational task and social context that may enhance or diminish performance in detecting deception in phishing email attempts. To test our hypotheses, we conducted a study in which employees of the finance division of a large university encountered simulated email-based phishing attempts as part of their normal work routine. We found evidence supporting our hypotheses that an individual’s susceptibility to phishing attacks is influenced by their position in the knowledge flows of the organization and by the impact of workgroup responsibilities on their cognitive processing. We contend that phishing susceptibility is not merely a matter of IT security knowledge but is also influenced by contextualized, multilevel influences on information processing. As phishing attacks are increasingly targeted to specific organizational settings, it is even more important to incorporate this contextualized information processing view of phishing susceptibility.
科研通智能强力驱动
Strongly Powered by AbleSci AI