EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Evaluation of Contextual and Game-Based Training for Phishing Detection

Joakim Kävrestad, Allex Hagberg, Marcus Nohlberg, Jana Rambusch, Robert Roos and Steven Furnell
Additional contact information
Joakim Kävrestad: School of Informatics, University of Skövde, 541 28 Skövde, Sweden
Allex Hagberg: Xenolith AB, 541 34 Skövde, Sweden
Marcus Nohlberg: School of Informatics, University of Skövde, 541 28 Skövde, Sweden
Jana Rambusch: School of Informatics, University of Skövde, 541 28 Skövde, Sweden
Robert Roos: Xenolith AB, 541 34 Skövde, Sweden
Steven Furnell: School of Computer Science, University of Nottingham, Nottingham NG7 2RD, UK

Future Internet, 2022, vol. 14, issue 4, 1-16

Abstract: Cybersecurity is a pressing matter, and a lot of the responsibility for cybersecurity is put on the individual user. The individual user is expected to engage in secure behavior by selecting good passwords, identifying malicious emails, and more. Typical support for users comes from Information Security Awareness Training (ISAT), which makes the effectiveness of ISAT a key cybersecurity issue. This paper presents an evaluation of how two promising methods for ISAT support users in acheiving secure behavior using a simulated experiment with 41 participants. The methods were game-based training, where users learn by playing a game, and Context-Based Micro-Training (CBMT), where users are presented with short information in a situation where the information is of direct relevance. Participants were asked to identify phishing emails while their behavior was monitored using eye-tracking technique. The research shows that both training methods can support users towards secure behavior and that CBMT does so to a higher degree than game-based training. The research further shows that most participants were susceptible to phishing, even after training, which suggests that training alone is insufficient to make users behave securely. Consequently, future research ideas, where training is combined with other support systems, are proposed.

Keywords: usable security; cybersecurity training; ISAT; SETA; phishing; user awareness; security behavior (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/14/4/104/pdf (application/pdf)
https://www.mdpi.com/1999-5903/14/4/104/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:14:y:2022:i:4:p:104-:d:779616

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:gam:jftint:v:14:y:2022:i:4:p:104-:d:779616