An Adaptive Cybersecurity Training Framework for the Education of Social Media Users at Work

Formalizing the approach towards risk management on social media is critical for organizations. Regrettably, a review of the state-of-the-art on cybersecurity training highlighted that the existing frameworks are either too generic or too cumbersome to be adapted to different organizations and needs. Thus, we developed the Adaptive Cybersecurity Training Framework for Social Media Risks (ACSTF-SMR), a framework that incorporates social media cybersecurity policies and best practices. The ACSTF-SMR enables organizations, trainers, and policymakers to address the challenges posed by social media in a way that satisfies employees’ training needs and adjusts to their preferences. We tested the ACSTF-SMR with 38 case studies. Employees’ behaviors, learning, and responses after training were assessed, and feedback was gathered to improve the framework. Interviews with policymakers were held to gain insight into the enforcement of social media policies. We conclude that the ACSTF-SMR is a reliable option to mitigate social media threats within organizations

Cybersafety in Modern Online Social Networks (Dagstuhl Reports 17372)

This report documents the program and the outcomes of Dagstuhl Seminar 17372 "Cybersafety in Modern Online Social Networks." The main motivation behind the seminar stems from the increased relevance of threats and challenges in the context of cybersafety, especially in modern online social networks, where the range of malicious activities perpetrated by malevolent actors is regrettably wide. These include spreading malware and spam, controlling and operating fake/compromised accounts, artificially manipulating the reputation of accounts and pages, and spreading false information as well as terrorist propaganda.The reasons for the success of such attacks are manifold. The users of social networking services tend to extend their trust of the services and profiles of their acquaintances to unknown users and other third parties: despite the service providers\u27 attempts at keeping their audiences identifiable and accountable, creating a fake profile, also in another person\u27s name, is very simple. Even partially or fully taking over a profile is comparatively easy, and comes with the benefit of the trust this profile has accrued over time, as many credentials are easy to acquire. Further, even seemingly innocuous issues such as the design and presentation of user interfaces can result in implications for cybersafety. The failure to understand the interfaces and ramifications of certain online actions can lead to extensive over-sharing. Even the limited information of partial profiles may be sufficient for abuse by inference on specific features only. This is especially worrisome for new or younger users of a system that might unknowingly expose information or have unwanted interactions simply due to not fully understanding the platform they are using. Unfortunately, research in cybersafety has looked at the various sub-problems in isolation, almost exclusively relying on algorithms aimed at detecting malicious accounts that act similarly, or analyzing specific lingual patterns. This ultimately yields a cat-and-mouse game, mostly played on economic grounds, whereby social network operators attempt to make it more and more costly for fraudsters to evade detection, which unfortunately tends to fail to measure and address the impact of safety threats from the point of view of regular individuals. This prompts the need for a multi-faceted, multi-disciplinary, holistic approach to advancing the state of knowledge on cybersafety in online social networks, and the ways in which it can be researched and protected. Ultimately, we want to work towards development of a cutting-edge research agenda and technical roadmap that will allow the community to develop and embed tools to detect malice within the systems themselves, and to design effective ways to enhance their safety online. This seminar was intended to bring together researchers from synergistic research communities, including experts working on information and system security on one hand, and those with expertise in human/economic/sociological factors of security on the other. More specifically, in the field of cybersafety, there exist a number of interconnected, complex issues that cannot be addressed in isolation, but have to be tackled and countered together. Moreover, it is necessary for these challenges to be studied under a multi-disciplinary light. Consequently, we identified and focused on the most relevant issues in cybersafety, and explored both current and emerging solutions. Specifically, we discussed four problems that are the most pressing both in terms of negative impact and potential danger on individuals and society, and challenging open research problems requiring a multi-disciplinary approach: Cyberbullying & Hate Speech, CyberFraud & Scams, Reputation Manipulation & Fake Activities, and Propaganda. Overall, the seminar was organized to include a number of long talks from senior experts in the field, covering the four main topics above, followed by a series of short talks from the participants about work in progress and recent results, and finally working groups to foster collaborations, brainstorming, and setting of a research agenda forward

Adaptive Cybersecurity Training Framework for Social Media Risks

Social media has become embedded in our everyday lives, personal activities, and the workplace. Thus, educating users on emerging cybersecurity challenges for social media has become imperative. In this project, a systematic literature review (SLR) was conducted and a mix of approach analyses to derive a framework that identifies the activities involved in adapting cybersecurity training for social media risks. I collected answers from 641 Kuwaiti employees in various sectors: education, healthcare, leadership and management, arts, entertainment, the police, and military, and interviewed 25 people who serve as policymakers, cybersecurity trainers, and those who have experienced cybersecurity training before. The study found that a one-fits-all training approach is highly ineffective, as people’s understanding and knowledge can vary greatly. Features such as gender, age, educational level, job roles, and the trainees’ training preferences and perceptions are essential considerations for developing a robust training system. Additionally, the study found that job role and age constitute the main factors associated with social media cybersecurity risks. The findings reveal that employees working in the business and financial sectors are the riskiest group, as far as cybersecurity is concerned. Female employees are more vulnerable to cyberattacks than male employees, and the youngest employees are the most risk prone, employees with less than two years of experience, and those who are 55 years old or more, need more cybersecurity training, due to their lack of awareness on the subject. This work has led to formulate a risk equation that can assist policymakers and training providers in defining countermeasures against risks and prioritize the training for those who need it the most. The framework and its process were validated through several strategies involving 38 case studies, surveys, and interviews. The novel contribution of this research is the proposal of the framework, which is a high-level, holistic framework that can support and promote organizations in mitigating social media risks