Social engineering defence mechanisms and counteracting training strategies

2017 ◽  
Vol 25 (2) ◽  
pp. 206-222 ◽  
Author(s):  
Peter Schaab ◽  
Kristian Beckers ◽  
Sebastian Pape

Purpose This paper aims to outline strategies for defence against social engineering that are missing in the current best practices of information technology (IT) security. The reason for the incomplete training techniques in IT security is the interdisciplinarity of the field. Social engineering focuses on exploiting human behaviour, and this is not sufficiently addressed in IT security. Instead, most defence strategies are devised by IT security experts with a background in information systems rather than human behaviour. The authors aim to outline this gap and point out strategies to fill the gaps. Design/methodology/approach The authors conducted a literature review from the viewpoint of IT security and the viewpoint of social psychology. In addition, they mapped the results to outline gaps and analysed how these gaps could be filled using established methods from social psychology and discussed the findings. Findings The authors analysed gaps in social engineering defences and mapped them to underlying psychological principles of social engineering attacks, for example, social proof. Furthermore, the authors discuss which type of countermeasure proposed in social psychology should be applied to counteract which principle. The authors derived two training strategies from these results that go beyond the state-of-the-art trainings in IT security and allow security professionals to raise companies’ bars against social engineering attacks. Originality/value The training strategies outline how interdisciplinary research between computer science and social psychology can lead to a more complete defence against social engineering by providing reference points for researchers and IT security professionals with advice on how to improve training.

Author(s):  
Lisa Herzog

This chapter asks whether we can hold on to the picture of the morally responsible subject as we knew it in the face of evidence from social psychology about the impact of contexts on human behaviour. Some theorists have taken this to present a major challenge to moral theorizing. However, the chapter argues that, while we should acknowledge the malleability of human behaviour, we should not give up the notion of responsible agency. Rather, we need to broaden our theoretical horizon in order to include individuals’ co-responsibility for the contexts in which they act. This argument is a general one, but it is of particular relevance for organizations: it is our shared responsibility to turn them into contexts in which moral agency is supported rather than undermined.


2019 ◽  
Vol 12 (2) ◽  
pp. 69-82
Author(s):  
Sravani Bharandev ◽  
Sapar Narayan Rao

Purpose The purpose of this paper is to test the disposition effect at market level and propose an appropriate reference point for testing disposition at market level. Design/methodology/approach This is an empirical study conducted on 500 index stocks of NSE500 (National Stock Exchange). Winning and losing days for each stock are calculated using 52-week high and low prices as reference points. To test disposition effect, abnormal trading volumes of stocks are regressed on their percentage of winning (losing) days. Further using ANOVA, the difference between mean of percentage of winning (losing) days of high abnormal trading volume deciles and low abnormal trading volume deciles is tested. Findings Results show that a stock’s abnormal trading volume is positively influenced by the percentage of winning days whereas percentage of losing days show no such effect. Findings are consistent even after controlling for volatility and liquidity. ANOVA results show the presence of high percentage of winning days in higher deciles of abnormal trading volumes and no such pattern in case of losing days confirms the presence of disposition effect. Further an ex post analysis indicates that disposition prone investors accumulate losses. Originality/value This is the first study, which proposes the use of 52-week high and low prices as reference points to test the market-level disposition effect. Findings of this study enhance the limited literature available on disposition effect in emerging markets by providing evidence from Indian stock markets.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nathan Moles

Purpose Conventional approaches to digital preservation posit that archives should define a Designated Community, or future user group, for whom they preserve digital information. Archivists can then use their knowledge of these users as a reference to help them deliver digital information that is intelligible and usable. However, this approach is challenging for archives with mandates to serve wide and diverse audiences; these archives risk undermining their efforts by focusing on the interests of a narrow user group. Design/methodology/approach A unique approach to this challenge was developed in the context of a project to build a digital preservation program at the Ontario Jewish Archives (OJA). It draws from previous research on this topic and is based on a combination of practical and theoretical considerations. Findings The approach described here replaces the reference of a Designated Community with three core components: a re-articulation of the Open Archival Information System (OAIS) mandatory responsibilities; the identification of three distinct tiers of access for digital records; and the implementation of an access portal that allows digital records to be accessed and rendered online. Together with supplemental shifts in reference points, they provide an alternative to the concept of a Designated Community in the determination of preservation requirements, the identification of significant properties, the creation of Representation Information and in the evaluation of success. Originality/value This article contributes a novel approach to the ongoing conversation about the Designated Community in digital preservation, its application and its limitations in an archival context.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nikhil K. Mehta ◽  
Shubham Chourasia ◽  
Aswini Devadas

Theoretical basis This case uses concepts from Korten’s strategies of development-oriented four generations of non-government organizations (NGOs) and social psychology such as stereotypes, prejudices and actions to explain the social phenomenon. In furtherance, the case presents Aristotle’s approach to creating a message for masses that include use of ethos, pathos and logos. Stood’s (2017) narrative, engagement and technology (NET) model of social leadership was used to analyse the characteristics of social leaders. Research methodology Prima facie the case was developed from primary sources i.e. interviewing with Ashish Thakur. Literature from secondary sources was obtained to make teaching notes. List of references is presented towards the end that depicts the use of textbooks, research papers, websites and blogs. This case was tested in the classroom with MBA students learning business communication. Case overview/synopsis The case dealt with the challenges of an NGO that included conducting respectful last rites of unclaimed dead bodies. As the NGO grew, Ashish Thakur, the initiator of Moksh started facing resource management challenges, namely, volunteer induction, fundraising and managing non-human resources. These issues are deeply embedded in several social stereotypes about dead bodies. Learning covers strategies of four generations of NGO development, a NET model of social leadership, breaking social stereotypes related to dead bodies and last rites (necrophobia), designing social communication and opportunity to assess faulty rationalizations and do critical thinking around the socio-religious practices. Complexity academic level This case is intended to be used for the students of the social leadership or social entrepreneurship, social psychology, business communication or communication skills, organizational behaviour, advertising and social media.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Arbuda Sharma ◽  
Sanjay Patro ◽  
Harish Chaudhry

Purpose The purpose of this study is to explore how elements of culture and cultural cues such as customs, values and norms interact with the brand identity. A qualitative research has been done to understand which cultural aspect is important for which aspect of brand identity. The results would be useful for designing the product. Design/methodology/approach This research focuses on exploring and validating the interaction between the factors of brand identity and various dimensions of culture. Multiple frameworks of brand identity and culture have been reviewed, factors have been identified and the interaction between the factors of brand identity and elements of culture has been established in the Indian context. Grounded theory approach has been exercised here as a holistic inductive research technique for identifying the interaction between factors of brand identity and elements of culture. This paper has explored inter-relationship between strategies adopted by managers in creation of brand identity and its consequential perception. Findings Following interaction has been found between the brand identity factors and cultural aspects – product shape, product size and packaging size – were found to interact with individualism vs collectivism, brand image, overall brand presentation, distribution, perception and quality were found to be strongly associated with power distance.
Similarly associations were found between country of origin and belief, quality, product differentiation, frame of reference, points of parity and uncertainty avoidance, between Brand Ambassador – Person/Icon and Beliefs, between Fit with environment and self, Brand customer relationship and long term vs short term orientation, between Enhanced Self Perception and Masculinity vs Femininity, between Brand heritage, packaging colors and images and Customs and Symbols. Research limitations/implications The outcomes of our research show that customization is an indispensable principle to be followed in the global markets and elements of culture and cultural indications such as customs, values and collective norms are integral in driving the branding strategies. Practical implications The outcomes of the study lay emphasis on the parallel groundwork that the managers must make for their strategies, so that, the company centric variables of brand identity are well in sync with the socio cultural indicators of the region they are serving. Originality/value Unlike previous researches, this work records the consumers' perspective in understanding their purchase choices based on their cultural norms and influences.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Guy Moshe Ross

Purpose This research aims to test focus of attention effects in risky choice. Design/methodology/approach As opposed to traditional aspiration-level theory, the shifting-focus concept introduces a second reference point, the survival point, and assumes a shifting focus of attention between the two reference points. In this conceptualization, risk-taking is a function of focus of attention on the survival reference point or the aspiration-level and resources relative to the two reference points. Four randomized controlled studies tested this concept. Findings Study 1 showed that with aspiration focus the probability of choosing a risky option was higher below an aspiration-level than above it. With survival focus, the effect was reversed. Study 2 found that close to the survival reference point, the probability of choosing a risky option was higher with aspiration focus relative to survival focus. Study 3 revealed that with scarce resources the risk taken was higher with aspiration focus than with survival focus, and the scarcer the resources the stronger was the effect. Study 4 demonstrated that with aspiration focus the risk taken was higher below an aspiration-level than above it. With survival focus the effect was reversed. Originality/value In addition to providing support for the validity of the shifting focus concept, this paper elaborates on the theoretical model by providing evidence for moderation effects. Risk-taking was affected by a focus of attention on one of two reference points, and the effect was moderated by resources relative to the two focal points. An advanced model is proposed to capture the effects of focus of attention and resources on risk-taking behavior.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Piers Bayl-Smith ◽  
Ronnie Taib ◽  
Kun Yu ◽  
Mark Wiggins

Purpose This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context. Design/methodology/approach In a simulated field trial conducted in a financial institute, via PhishMe, employees were randomly sent one of five possible emails using a set persuasion strategy. Participants were then invited to complete an online survey to identify possible protective factors associated with clicking and reporting behavior (N = 2,918). The items of interest included perceived threat severity, threat susceptibility, response efficacy and personal efficacy. Findings The results indicate that response behaviors vary significantly across different persuasion strategies. Perceptions of threat susceptibility increased the likelihood of reporting behavior beyond clicking behavior. Threat susceptibility and organizational response efficacy were also associated with increased odds of not responding to the simulated phishing email attack. Practical implications This study again highlights human susceptibility to phishing attacks in the presence of social engineering strategies. The results suggest heightened awareness of phishing threats and responsibility to personal cybersecurity are key to ensuring secure business environments. Originality/value The authors extend existing phishing literature by investigating not only click-through behavior, but also no-response and reporting behaviors. Furthermore, the authors observed the relative effectiveness of persuasion strategies used in phishing emails as they compete to manipulate unsafe email behavior.


2019 ◽  
Vol 32 (5) ◽  
pp. 1276-1300
Author(s):  
Ehinome Ikhalia ◽  
Alan Serrano ◽  
David Bell ◽  
Panos Louvieris

Purpose Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC). Design/methodology/approach The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself. Findings Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as a guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs. Research limitations/implications The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions. Practical implications SNC enable persuasive security behaviour amongst employees and avoid potential malware threats. SNC support consistent security awareness practices by the regular identification of new threats which may inspire the creation of new security awareness videos. Social implications The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness. Originality/value Many security systems are cumbersome, inconsistent and non-specific. 
The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.


2020 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Beke Vogelsang ◽  
Matthias Pilz

Purpose The purpose of this paper is to analyse the qualification measures of 12 German multi-national companies (MNCs), all of which are present in China, India and Mexico. In particular, the transfer of dual initial training practices and further training measures are investigated. It examines the impact consistent training strategies across national borders have emerged in German companies or local arrangements have developed despite identical internal influencing factors. Design/methodology/approach Because of its design, the focus is on the external factors that influence the companies’ training measures. However, an exploratory approach was followed. To pursue the research question face-to-face expert interviews were conducted with 46 training managers in 12 active companies in all 3 countries. The interviews were completely transcribed and evaluated using qualitative methods. Findings The analysis shows that it is not internal company factors but country-specific contextual factors that influence training measures and that companies cannot act in the same way worldwide. Research limitations/implications The study is based on 12 MNC and only analyses the blue-collar area. Therefore, it would have to be evaluated whether a similar analysis would result from a survey of other companies in different sectors or whether the differences in terms of training and further training measures would then be even greater. Practical implications The study supports the internationalization strategies of MNC by providing first-hand empirical results concerning recruitment and training of blue-collar workers on an intermediate skill level. It gives evidence on the need of national adaptation in the process of transferring training cultures from countries of origin into the host countries. More attention must, therefore, be paid to external factors when developing and implementing training measures.
Social implications The economic development in many countries includes an expansion of foreign investments. MNC provides employment and income for workers and their families. However, successful foreign investments also include sustainable recruitment and training strategies of the local workforce. The results of the study support policymakers to guide and support foreign companies to develop successful Human Resource Management strategies in the host countries. Originality/value This paper is original because due to the research design the internal factors are kept largely constant and the external influencing factors are singularly focused in detail. Therefore, this procedure makes it possible to investigate whether consistency training strategies across national borders have emerged in German companies or local arrangements have developed despite identical internal influencing factors.


2015 ◽  
Vol 23 (2) ◽  
pp. 178-199 ◽  
Author(s):  
Waldo Rocha Flores ◽  
Hannes Holm ◽  
Marcus Nohlberg ◽  
Mathias Ekstedt

Purpose – The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Design/methodology/approach – To measure potential determinants, a survey was distributed to 2,099 employees of nine organizations in Sweden, USA and India. Then, the authors conducted unannounced phishing exercises, in which a phishing attack targeted the same sample. Findings – Intention to resist social engineering, general information security awareness, formal IS training and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in 6 out of 15 cases. Research limitations/implications – The identified determinants had, even though not strong, a significant positive correlation. This suggests that more work needs to be done to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, differences based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of the research is therefore to further explore the generalizability of the findings by collecting data from other nations with similar cultures as Sweden, USA and India. Originality/value – Using direct observations of employees’ security behaviors has rarely been used in previous research.
Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses both these issues.

