Abstract
Human behaviors and attitudes play a significant role in cybersecurity. However, studies that quantify the impact of such behaviors and attitudes are scarce, and they are not always considered when developing mitigation strategies. To compensate for this, we have looked into a large sample of employees with different levels of expertise and backgrounds across a variety of industrial sectors and organizations. We have found that age and job role constitute the main human factors associated with social media cybersecurity risks. We can confirm that the youngest employees are the most risk-prone within an organization, and that employees working in the business and financial sectors face the highest amount of cybersecurity risk. In addition, our investigation shows that employees with less than two years of working experience, and those who are at least 55 years of age, need more cybersecurity training, due to their lack of awareness of the subject. Our work has led us to formulate a risk equation which can assist policymakers and training providers in defining countermeasures against risks and prioritizing training for those who need it the most.
Copyright information
© 2023 IFIP International Federation for Information Processing
About this paper
Cite this paper
Salamah, F.B., Palomino, M.A., Papadaki, M., Craven, M.J., Furnell, S. (2023). Evaluating the Risks of Human Factors Associated with Social Media Cybersecurity Threats. In: Furnell, S., Clarke, N. (eds) Human Aspects of Information Security and Assurance. HAISA 2023. IFIP Advances in Information and Communication Technology, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-031-38530-8_28
DOI: https://doi.org/10.1007/978-3-031-38530-8_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-38529-2
Online ISBN: 978-3-031-38530-8
eBook Packages: Computer Science (R0)