This dissertation addresses the problem of practice of the high rate of employees in financial organizations clicking on phishing links, positioning their companies at risk of a data incident or breach. The financial sector was the most breached industry in 2022 (Schwartz, 2022) and was impacted the most by malicious phishing emails (Trellix…

A high number of cyber breaches in organizations occur as a result of email phishing attempts. Research has shown that cyber education has a positive impact in user awareness of attack methods resulting in the reduction of compromises from email phishing attempts. However, in some instances, cyber education does not have a positive impact on the…

As the digital world evolves, so does the risk of cyberattacks. Despite technology playing a vital role in nullifying these threats, the human factor is still regarded as one of the greatest weaknesses. End-user behavior is a major cause of information security breaches. This quantitative empirical study used a single-group, pre-post-test,…

Email attacks comprise an overwhelming majority of the daily attacks on modern enterprise. "Phishing" is the leading attack vector for the world's most dangerous threats such as the so-called, Advanced Persistent Threat (APT), and hacktivist groups such as Anonymous and LulzSec. The leading mitigation strategy is a combination of user…

The majority of documented phishing attacks have been carried by email, yet few studies have measured the impact of email headers on the predictive accuracy of machine learning techniques in detecting email phishing attacks. Research has shown that the inclusion of a limited subset of email headers as features in training machine learning…

As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study…

As organizations have become more dependent on networked information systems (IS) to conduct their business operations, their susceptibility to various threats to information security has also increased. Research has consistently identified the inappropriate security behavior of the users as the most significant of these threats. Various factors…

Unsolicited bulk email received by business users has increased exponentially in volume and complexity since the introduction of email. However, the factors that influence managers to purchase spam filters have never been fully documented or identified, only assumed. The purpose of this qualitative study was to identify, understand and document…

The purpose of this study is to explore systems users' behavior on IS under the various circumstances (e.g., email usage and malware threats, online communication at the individual level, and IS usage in organizations). Specifically, the first essay develops a method for analyzing and predicting the impact category of malicious code, particularly…

Targeted email attacks to enable computer network exploitation have become more prevalent, more insidious, and more widely documented in recent years. Beyond nuisance spam or phishing designed to trick users into revealing personal information, targeted malicious email (TME) facilitates computer network exploitation and the gathering of sensitive…