The use of unmanned aerial vehicles (UAVs) as delivery systems of online goods is rapidly becoming a global norm, as corroborated by Amazon's 'Prime Air' and Google's 'Project Wing' projects. However, the real-world deployment of such drone delivery systems faces many cyber-physical security challenges. In this paper, a novel mathematical framework for analyzing and enhancing the security of drone delivery systems is introduced. In this regard, a zero-sum network interdiction game is formulated between a vendor, operating a drone delivery system, and a malicious attacker. In this game, the vendor seeks to find the optimal path that its UAV should follow, to deliver a purchase from the vendor's warehouse to a customer location, to minimize the delivery time. Meanwhile, an attacker seeks to choose an optimal location to interdict the potential paths of the UAVs, so as to inflict cyber or physical damage to it, thus, maximizing its delivery time. First, the Nash equilibrium point of this game is characterized. Then, to capture the subjective behavior of both the vendor and attacker, new notions from prospect theory are incorporated into the game. These notions allow capturing the vendor's and attacker's i) subjective perception of attack success probabilities, and ii) their disparate subjective valuations of the achieved delivery times relative to a certain target delivery time. Simulation results have shown that the subjective decision making of the vendor and attacker leads to adopting risky path selection strategies which inflict delays to the delivery, thus, yielding unexpected delivery times which surpass the target delivery time set by the vendor.