Article
Towards an Assessment of Pause Periods on User Habituation in Mitigation of Phishing Attacks
KSU Proceedings on Cybersecurity Education, Research and Practice
  • Amy Antonucci, Nova Southeastern University
  • Yair Levy, Nova Southeastern University
  • Martha Snyder, Nova Southeastern University
  • Laurie Dringus, Nova Southeastern University
Start Date
23-10-2020 2:00 PM
End Date
23-10-2020 2:30 PM
Location
Zoom Session 1 (Main Papers Track)
Abstract

Social engineering is the technique in which the attacker sends messages to build a relationship with the victim and convinces the victim to take some actions that lead to significant damages and losses. Industry and law enforcement reports indicate that social engineering incidents cost organizations billions of dollars. Phishing is the most pervasive social engineering attack. While email filtering and warning messages have been implemented for over three decades, organizations are constantly falling for phishing attacks. Prior research indicated that attackers use phishing emails to create an urgency and fear response in their victims, causing them to use quick heuristics, which leads to human errors. Humans use two types of decision-making processes: a heuristic decision, which is a quick, instinctual decision-making process known as ‘System One’, and a second, known as ‘System Two’, that is a slow, logical process requiring attention. ‘System Two’ is often triggered by a pause in the decision-making process. Additionally, timers were found in other research fields (medicine, transportation, etc.) to affect users’ judgement and reduce human errors. Therefore, the main goal of this work-in-progress research study is to determine through an experimental field study whether requiring email users to pause by displaying a phishing email warning with a timer has any effect on users falling for simulated phishing attacks. This paper will outline the rationale and the process proposed for the validation of the field experiments with Subject Matter Experts (SMEs). Limitations of the proposed study and recommendations for further research are provided.

Comments

Keywords: Cybersecurity, phishing emails, heuristic in cybersecurity, habituation in cybersecurity, phishing email warnings

Citation Information
Amy Antonucci, Yair Levy, Martha Snyder and Laurie Dringus. "Towards an Assessment of Pause Periods on User Habituation in Mitigation of Phishing Attacks" (2020)
Available at: http://works.bepress.com/martha_snyder/93/