Learning not to take the bait: a longitudinal examination of digital training methods and overlearning on phishing susceptibility
European Journal of Information Systems (IF 7.3), Pub Date: 2021-06-20, DOI: 10.1080/0960085x.2021.1931494
Christopher Nguyen 1 , Matthew Jensen 2 , Eric Day 2

ABSTRACT

As phishing becomes increasingly sophisticated and costly, interventions that improve and prolong resistance to attacks are needed. Previous research supported digital training as a method to reduce phishing susceptibility. However, the effects of training degrade with time. Therefore, we investigate overlearning as an approach that may increase skill retention through repetition and developing automaticity. We performed a longitudinal experiment crossing overlearning with anti-phishing digital training (rule-based, mindfulness, and control). Participants were tested using email identification tests (immediately following and 10 weeks after training) and mock phishing messages delivered to their inboxes (1 week and 8 weeks following training). Results showed that compared to rule-based training, mindfulness training resulted in significantly greater retention in terms of better email discrimination and less susceptibility to phishing attacks but similar levels of caution towards phishing after 2 months. Overlearning resulted in significantly less susceptibility to phishing attacks and more caution towards phishing compared to no overlearning but did not impact the digital training approaches. Even so, mindfulness was more beneficial compared to overlearning. Altogether, the results demonstrate the stability of the benefits of mindfulness training over time in terms of mitigating phishing susceptibility without influencing the chances of missing legitimate emails.




Updated: 2021-06-20