The Looming Cybersecurity Crisis and What It Means for the Practice of Industrial and Organizational Psychology

The persistently changing landscape of cyberspace and cybersecurity has led to a call for organizations’ increased attention toward securing information and systems. Rapid change in the cyber environment puts it on a scale unlike any other performance environment typically of interest to industrial and organizational (I-O) psychologists and related disciplines. In this article, we reflect on the idea of keeping pace with cyber, with a particular focus on the role of practicing I-O psychologists in assisting individuals, teams, and organizations. We focus on the unique roles of I-O psychologists in relation to the cyber realm and discuss the ways in which they can contribute to organizational cybersecurity efforts. As highlighted throughout this article, we assert that the mounting threats within cyberspace amount to a “looming crisis.” Thus, we view assisting organizations and their employees with becoming resilient and adaptive to cyber threats as an imperative, and practicing I-O psychologists should be at the forefront of these efforts.
