Logo PTI Logo icrmat

Proceedings of the 2022 International Conference on Research in Management & Technovation

Annals of Computer Science and Information Systems, Volume 34

Technology Threat Avoidance Factors Affecting Cybersecurity Professionals' Willingness to Share Information

,

DOI: http://dx.doi.org/10.15439/2022M4720

Citation: Proceedings of the 2022 International Conference on Research in Management & Technovation, Viet Ha Hoang, Vijender Kumar Solanki, Nguyen Thi Hong Nga, Shivani Agarwal (eds). ACSIS, Vol. 34, pages 209213 ()

Full text

Abstract. Through the Cybersecurity Information Sharing Act of 2015, a DHS information-sharing program was mandated to protect U.S. businesses and critical infrastructure and mitigate cyberattacks. The present study examined cybersecurity professionals' willingness to collaborate and share information regarding cybersecurity threats via that program. The technology threat avoidance theory (TTAT) served as the study's theoretical framework. This research examined to what extent technology threat avoidance factors affect cybersecurity professionals' willingness to collaborate and share information regarding cybersecurity threats. Threat avoidance factors consisted of perceived susceptibility, perceived severity, perceived threat, prevention effectiveness, prevention cost, and self-efficacy. This cross- sectional study used partial least squares-structural equation modeling to analyze data collected from 137 cybersecurity professionals with a minimum of five years of cybersecurity experience. The data analysis indicated that perceived susceptibility and perceived severity significantly predicted participants' perceptions of cybersecurity threats, and perceived threat explained 44\% of the variance in avoidance motivation. Prevention effectiveness, prevention cost, and self-efficacy were not significant predictors of avoidance motivations and the willingness to participate in the DHS's information- sharing program. These results indicate that more research is necessary to understand the factors influencing information sharing among cybersecurity professionals working in U.S. organizations

References

  1. N. Akhtar, “Latest trends in cybersecurity after the Solar Wind hacking attack.” Foundation University Journal of Engineering and Applied Science, 1(2), 14- 24, 2020. https://doi.org/10.33897/fujeas.v1i2.347 [Accessed Sept. 10, 2022]
  2. M. Amanowicz, Towards building national cybersecurity awareness. International Journal of Electronics and Telecommunications, 66(2), 321-326, 2020. https://doi.org/10.24425/ijet.2020.131881 [Accessed Oct. 11, 2022]
  3. F. Aribake and Z. Aji, Assessment on phishing avoidance behavior among Internet banking users in Nigeria: A conceptual model. Journal of Information System and Technology Management, 5(16), 1-14, 2020. https://doi.org/10.35631/JISTM.516001 [Accessed Oct. 11, 2022]
  4. K. Asante-Offei, and W. Yaokumah. Cyber- identity theft and fintech services: Technology threat avoidance perspective. Journal of Information Technology Research, 14(3), Article 1, 2021. https://doi.org/10.4018/JITR.2021070101 [Accessed Oct. 11, 2022]
  5. J. Baker and K. Waldron. “5G and zero trust networks.” 2020. https:// www.jstor.org/stable/resrep27016 [Accessed Aug. 11, 2022].
  6. D. Carpenter, D. Young, P. Barrett, and A. McLeod, Refining technology threat avoidance theory. Communications of the Association for Information Systems, 44, Article 22., 2019. https://doi.org/10.17705/1CAIS.04422
  7. M. Cavelty, C. Mauer, and F. Krishna-Hensel, F., Power and security in the information age: Investigating the role of the state in cyberspace, 2016. New York, NY: Routledge
  8. H. Chen and W. Li, Mobile device users’ privacy security assurance behavior: A technology threat avoidance perspective. Information and Computer Security, 25(3), 330-344, 2017. https://doi.org/10.1108/ICS-04-2016-0027
  9. M. Chertoff, Exploding data: Reclaiming our cyber security in the digital age, 2018. New York, NY: Atlantic Monthly Press [Accessed Aug. 4, 2022].
  10. J.W. Creswel and J.D. Creswell, Research design: Qualitative, quantitative, and mixed methods approaches, 2017. Sage Publications.
  11. P. Datta, Hannibal at the gates: Cyberwarfare & the Solarwinds sunburst hack. Journal of Information Technology Teaching Cases, 2021. https://doi.org/10.1177%2F2043886921993126
  12. H. Hammouchi, O. Cherqi, G. Mezzour, M. Ghogho, and M. Koutbi, “Digging deeper into data breaches: An exploratory data analysis of hacking breaches over time.” Procedia Computer Science. 151. 1004-1009, 2019. 10.1016/j.procs.2019.04.141, [Accessed Sept. 4, 2022].
  13. J. Jaffer, Carrots and sticks in cyberspace: addressing critical issues in the Cybersecurity Information Sharing Act of 2015, 2016. SCL Rev., 67, 585. [Accessed Aug. 4, 2022].
  14. C. James. “Cybersecurity: Threats challenges opportunities”, 2016, https://www.bing.com/search?q=cybersecurity+threat s%2c+challenges+opportunities&qs=NW&pq=cyber security+threats%2c+challenges+oppor&sk=NWU1 &sc=339&cvid=0529FF8B243C428F8074A83D428EC0E8&FORM=QBRE&sp=2&ghc=1 [Accessed July 20, 2021]
  15. A. Jibril, M. Kwarteng, R. Botchway, J. Bode, and M. Chovancova, “The impact of online identity theft on customers’ willingness to engage in e-banking transaction in Ghana: A technology threat avoidance theory. Cogent Business & Management,” 7(1), Article 1832825, 2020. https://doi.org/10.1080/23311975.2020.1832825
  16. D. Johnson, “The federal government has big plans for the Automated Indicator Sharing program, but agency officials and members of Congress continue to express frustration at the sluggish pace of enrollment”, 2017, https://fcw.com/security/2017/11/enrollment-for- threat-sharing-program-continues-to-lag/227957/ [Accessed Feb. 5, 2020].
  17. D. Johnson, “How info sharing can get unstuck”, 2018. https://fcw.com/security/2018/11/how-info-sharing- can-get-unstuck/199096/ [Accessed Feb. 5, 2020].
  18. S. Landau, Listening in: Cybersecurity in an insecure age, 2017. New Haven, CT: Yale University Press
  19. H. Liang and Y. Xue, Avoidance of information technology threats: A theoretical perspective. Management Information Systems Quarterly, 33(1), 71-90, 2009. http://dx.doi.org/10.2307/20650279 [Accessed Oct. 4, 2022].
  20. H. Liang and Y. Xue, Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394-413, 2010. http://dx.doi.org/10.17705/1jais.00232 [Accessed Aug. 12, 2022].
  21. I. Mandritsa, I. Tebueva, V. Peleshenko, V. Petrenko, O. Mandritsa, I. Solovyova, A. Fensel, and M. Mecella, “Defining a cybersecurity strategy of an organization: criteria, objectives and functions”, 2018, http://ceur-ws.org [Accessed July 20, 2021].
  22. M. Mark, “An Analysis of Factors Influencing Phishing Threat Avoidance Behavior: A Quantitative Study”, Capella University ProQuest Dissertations Publishing, 2021. 28320611.https://www.proquest.com/dissertations-theses/analysis-factors-influencing-phishing threat/docview/2506645080/se-2?accountid=44888
  23. R. Meeuwisse, Cybersecurity for beginners, 2017. London, United Kingdom: Cyber Simplicity Ltd
  24. J. Melnick, “Top 10 most common types of cyber-attacks” 2018. https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ [Accessed Aug. 4, 2022].
  25. S. R. Muller, “An Intersection of Information Security Policies and I.A. Awareness, While Factoring in End-User Behavior: A NIST Cybersecurity Framework Perspective on “Identify”, 2020. Proceedings of International Conference on Research in Management and Technovation, ICRMAT 2020 Vol (24). Annals of Computer Science and Information Systems ISSN 2300-5963
  26. S.R. Muller, and D.N. Burrell, “Social Cybersecurity and Human Behavior”, 2022. International Journal of Hyperconnectivity and the Internet of Things (IJHIoT), 6(1). Hershey, PA: IGI Global
  27. S.R. Muller, and M. Lind, “Factors in information assurance professionals’ intentions to adhere to information security policies”, 2020. International Journal of Systems and Software Security and Protection, 11(1). Hershey, PA: IGI Global
  28. S. Rahi, Research design and methods: A systematic review of research paradigms, sampling issues, and instruments development. International Journal of Economics & Management Sciences, 6(2), Article 10000403, 2017. http://dx.doi.org/10.4172/2162- 6359.1000403
  29. G. Sharkov, Assessing the maturity of national cybersecurity and resilience. Connections: The Quarterly Journal, 19(4), 5-24, 2020. [Accessed Aug. 4, 2022]. https://doi.org/10.11610/Connections.19.4.01
  30. P. Singer and A. Friedman, Cybersecurity and cyberwar: What everyone needs to know? New York, NY: Oxford University, 2014.
  31. M. Tvaronavičienė, T. Plėta, S. Casa and J. Latvys, Cyber security management of critical energy infrastructure in national cybersecurity strategies: Cases of USA, UK, France, Estonia, and Lithuania. Insights into Regional Development, 2(4), 802-813, 2020. http://doi.org/10.9770/IRD.2020.2.4(6)
  32. N. Yang, T. Singh, A. Johnston, A replication study of user motivation in protecting information security using protection motivation theory and self-determination theory. AIS Transactions on Replication Research, 6(10), 2020. https://doi.org/10.17705/1atrr.00053
  33. N. Zeng, Y. Liu, P. Gong, M. Hertogh, and M. König, Do right PLS and do PLS right: A critical review of PLS-SEM application in construction management research. Frontiers of Engineering Management, 2021. https://doi.org/10.1007/s42524-021- 0153-5
  34. A. Zibak and A. Simpson, “Cyber threat information sharing: Perceived benefits and barriers, August 2019. Proceedings of the 14th international conference on availability, reliability, and security (pp. 1-9)