{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T10:42:23Z","timestamp":1767177743553,"version":"build-2238731810"},"reference-count":21,"publisher":"Springer Fachmedien Wiesbaden GmbH","issue":"3","license":[{"start":{"date-parts":[[2020,4,14]],"date-time":"2020-04-14T00:00:00Z","timestamp":1586822400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,4,14]],"date-time":"2020-04-14T00:00:00Z","timestamp":1586822400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["HMD"],"published-print":{"date-parts":[[2020,6]]},"abstract":"<jats:title>Zusammenfassung<\/jats:title>\n                  <jats:p>Vom urspr\u00fcnglichen \u201ePhishing\u202f=\u2009Passwort\u202f+\u2009Fishing\u201c wandelt sich das Angriffsmuster durch neue Technologien zum boomenden Gesch\u00e4ftsmodell der cyberkriminellen Szene. Schadsoftware wie \u201eEmotet\u201c zeigt, dass automatisierte Spear Phishing-Angriffe Realit\u00e4t geworden sind und immense Sch\u00e4den verursachen. Der Mitarbeiter r\u00fcckt damit in den Fokus von IT-Sicherheitsma\u00dfnahmen. Das Ziel dieses Beitrags ist es, einen Rundumblick zur aktuellen und zuk\u00fcnftigen Bedrohungslage durch Spear Phishing zu geben und konkrete Handlungsempfehlungen abzuleiten. Zur Messung der Security Awareness im organisatorischen Umfeld wird die Kennzahl \u201eEmployee Security Index\u201c vorgestellt, welche das Sicherheitsbewusstsein von Mitarbeitern gegen\u00fcber Phishing-Angriffen standardisiert messbar macht. Es wurde ein Feldexperiment in einer deutschen Organisation durchgef\u00fchrt, um die Verwundbarkeit der Belegschaft gegen\u00fcber Spear Phishing und die Wirksamkeit verschiedener Trainingsma\u00dfnahmen zu untersuchen. Die erhobenen Daten werden mithilfe des \u201eEmployee Security Index\u201c bewertet. Insgesamt verdeutlichen die Ergebnisse, dass neben technischen und organisatorischen Schutzma\u00dfnahmen sowohl eine Schulung der Mitarbeiter als auch ein Umdenken nutzerverbundener Prozesse unabdingbar ist.<\/jats:p>","DOI":"10.1365\/s40702-020-00613-y","type":"journal-article","created":{"date-parts":[[2020,4,14]],"date-time":"2020-04-14T05:02:55Z","timestamp":1586840575000},"page":"597-612","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Spear Phishing\u00a02.0: Wie automatisierte Angriffe Organisationen vor neue Herausforderungen stellen","Spear Phishing\u00a02.0: How Automated Attacks Present Organizations With New Challenges"],"prefix":"10.1365","volume":"57","author":[{"given":"Anjuli","family":"Franz","sequence":"first","affiliation":[]},{"given":"Alexander","family":"Benlian","sequence":"additional","affiliation":[]}],"member":"93","published-online":{"date-parts":[[2020,4,14]]},"reference":[{"key":"613_CR1","doi-asserted-by":"crossref","unstructured":"APWG (2019) \u201cPhishing Activity Trends Report\u201d. 3rd Quarter 2019. https:\/\/docs.apwg.org\/reports\/apwg_trends_report_q3_2019.pdf. Zugegriffen: 13. Jan. 2020","DOI":"10.1016\/S1361-3723(19)30025-9"},{"key":"613_CR2","doi-asserted-by":"crossref","unstructured":"Benlian (2020) A daily field investigation of technology-driven stress spillovers from work to home. MISQ (forthcoming)","DOI":"10.25300\/MISQ\/2020\/14911\/"},{"key":"613_CR3","unstructured":"Bitkom (2018) Spionage, Sabotage und Datendiebstahl \u2013 Wirtschaftsschutz in der Industrie. Studienbericht 2018, Bitkom e.\u202fV. https:\/\/www.bitkom.org\/sites\/default\/files\/file\/import\/181008-Bitkom-Studie-Wirtschaftsschutz-2018-NEU.pdf. Zugegriffen: 13. Jan. 2020"},{"key":"613_CR4","unstructured":"BSI (2019a) https:\/\/www.bsi.bund.de\/DE\/Presse\/Pressemitteilungen\/Presse2019\/Spam-Bundesbehoerden_181219.html. Zugegriffen: 13. Jan. 2020"},{"key":"613_CR5","volume-title":"Franz, A. \u201cSecurity Awareness messbar machen \u2013 der Employee Security Index\u201d","author":"BSI","year":"2019","unstructured":"BSI (2019b) Franz, A. \u201cSecurity Awareness messbar machen \u2013 der Employee Security Index\u201d. Tagungsband des 16. Deutscher IT-Sicherheitskongress, 2019"},{"key":"613_CR7","volume-title":"Spear phishing: the secret weapon behind the worst cyber attacks","author":"Cloudmark","year":"2016","unstructured":"Cloudmark (2016) Spear phishing: the secret weapon behind the worst cyber attacks"},{"key":"613_CR8","unstructured":"Heise (2019a) https:\/\/www.heise.de\/newsticker\/meldung\/Computervirus-Klinikum-Fuerth-offline-und-mit-eingeschraenktem-Betrieb-4615427.html. Zugegriffen: 13. Jan. 2020"},{"key":"613_CR9","unstructured":"Heise (2019b) https:\/\/www.heise.de\/newsticker\/meldung\/IT-Systeme-der-Stadt-Frankfurt-am-Main-wegen-Malware-Befall-offline-4619634.html. Zugegriffen: 13. Jan. 2020"},{"key":"613_CR10","unstructured":"Heise (2019c) https:\/\/www.heise.de\/newsticker\/meldung\/Uni-Giessen-naehert-sich-nach-Hacker-Attacke-wieder-dem-Normalbetrieb-4628715.html. Zugegriffen: 13. Jan. 2020"},{"key":"613_CR11","doi-asserted-by":"publisher","first-page":"724","DOI":"10.1365\/s40702-015-0161-1","volume":"52","author":"Hertel","year":"2015","unstructured":"Hertel (2015) Risiken der Industrie 4.0 \u2013 Eine Strukturierung von Bedrohungsszenarien der Smart Factory. HMD 52:724\u2013738","journal-title":"HMD"},{"key":"613_CR12","unstructured":"ISF (2007) Information Security Forum. \u201eISF Standard of Good Practice 2007\u201c, CB3.4."},{"key":"613_CR13","volume-title":"Thinking, fast and slow","author":"Kahneman","year":"2011","unstructured":"Kahneman (2011) Thinking, fast and slow. Farrar Straus, and Giroux, New York"},{"key":"613_CR14","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1016\/j.cose.2006.02.008","volume":"25","author":"Kruger","year":"2006","unstructured":"Kruger, Kearney (2006) A prototype for assessing information security awareness. Comput Secur 25:289\u2013296","journal-title":"Comput Secur"},{"issue":"4","key":"613_CR15","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/s12599-019-00600-8","volume":"61","author":"Maedche","year":"2011","unstructured":"Maedche et al (2011) AI-based digital assistants. Bus Inf Syst Eng 61(4):535\u2013544","journal-title":"Bus Inf Syst Eng"},{"key":"613_CR16","volume-title":"Hirne hacken \u2013 Menschliche Faktoren der IT Sicherheit","author":"Neumann","year":"2019","unstructured":"Neumann (2019) Hirne hacken \u2013 Menschliche Faktoren der IT Sicherheit. Vortrag auf dem 36. Chaos Communication Congress (36C3). (https:\/\/media.ccc.de\/v\/36c3-11175-hirne_hacken)"},{"key":"613_CR17","volume-title":"Proceedings of the 13th pre-ICIS workshop on information security and privacy","author":"D Pienta","year":"2018","unstructured":"Pienta\u00a0D, Thatcher\u00a0JB, Johnston\u00a0AC (2018) A taxonomy of Phishing: attack types spanning economic, temporal, breadth, and target boundaries. In: Proceedings of the 13th pre-ICIS workshop on information security and privacy, Bd. 1"},{"key":"613_CR18","doi-asserted-by":"publisher","first-page":"113268","DOI":"10.1016\/j.dss.2020.113268","volume":"131","author":"K Roethke","year":"2020","unstructured":"Roethke\u00a0K et\u00a0al (2020) Social influence tactics in e\u2011commerce onboarding: The role of social proof and reciprocity in affecting user registrations. Decis Support Syst 131:113268. https:\/\/doi.org\/10.1016\/j.dss.2020.113268","journal-title":"Decis Support"},{"key":"613_CR19","volume-title":"Internet security threat report","author":"Symantec","year":"2019","unstructured":"Symantec (2019) Internet security threat report Bd. 24"},{"key":"613_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.ijhcs.2018.06.004","volume":"120","author":"EJ Williams","year":"2018","unstructured":"Williams\u00a0EJ, Hinds\u00a0J, Joinson\u00a0AN (2018) Exploring susceptibility to phishing in the workplace. Int J Hum Comput Stud 120:1\u201313. https:\/\/doi.org\/10.1016\/j.ijhcs.2018.06.004","journal-title":"Int J Hum Comput Stud"},{"issue":"1","key":"613_CR21","doi-asserted-by":"publisher","first-page":"273","DOI":"10.2753\/MIS0742-1222270111","volume":"27","author":"RT Wright","year":"2010","unstructured":"Wright\u00a0RT, Marett\u00a0K (2010) The influence of experiential and dispositional factors in phishing: an empirical investigation of the deceived. J\u00a0Manag Inf Syst 27(1):273\u2013303. https:\/\/doi.org\/10.2753\/MIS0742-1222270111","journal-title":"J Manag Inf Syst"},{"issue":"2","key":"613_CR22","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1287\/isre.2014.0522","volume":"25","author":"RT Wright","year":"2014","unstructured":"Wright\u00a0RT, Jensen\u00a0ML, Thatcher\u00a0JB, Dinger\u00a0M, Marett\u00a0K (2014) Influence techniques in phishing attacks: an examination of vulnerability and resistance. Inf Syst Res 25(2):385\u2013400","journal-title":"Inf Syst Res"}],"updated-by":[{"DOI":"10.1365\/s40702-021-00789-x","type":"erratum","label":"Erratum","source":"publisher","updated":{"date-parts":[[2021,9,20]],"date-time":"2021-09-20T00:00:00Z","timestamp":1632096000000}}],"container-title":["HMD Praxis der Wirtschaftsinformatik"],"original-title":[],"language":"de","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-020-00613-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1365\/s40702-020-00613-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1365\/s40702-020-00613-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,10,13]],"date-time":"2021-10-13T13:05:22Z","timestamp":1634130322000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1365\/s40702-020-00613-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,4,14]]},"references-count":21,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,6]]}},"alternative-id":["613"],"URL":"https:\/\/doi.org\/10.1365\/s40702-020-00613-y","relation":{},"ISSN":["1436-3011","2198-2775"],"issn-type":[{"value":"1436-3011","type":"print"},{"value":"2198-2775","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,4,14]]},"assertion":[{"value":"19 January 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 March 2020","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 March 2020","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 April 2020","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 September 2021","order":5,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Erratum","order":6,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Zu diesem Beitrag wurde ein Erratum ver\u00f6ffentlicht:","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1365\/s40702-021-00789-x","URL":"https:\/\/doi.org\/10.1365\/s40702-021-00789-x","order":8,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}]}}