3 research outputs found

    Who gets phished? Insights from a Contextual Clustering Analysis Across Three Continents

    Phishing attacks are one of the most prevalent cybersecurity threats to modern organizations. As a result, researchers and practitioners alike have pooled their strengths to understand who is most at risk of falling for phishing attacks. Since recent work calls for consideration of discrete context dimensions when examining phishing susceptibility, we use cluster analysis in conjunction with a large-scale phishing experiment to identify and scrutinize highly deceivable employees across three continents based on contextual influencing factors. The results reveal salient similarities between employee groups in Europe, Australia, and North America. Consequently, our findings underscore the importance of classifying employees based on discrete contextual characteristics impacting their phishing susceptibility. Furthermore, the identified clusters have important implications for policymakers, awareness programs, and anti-phishing interventions, as they allow better targeting of individuals based on contextual attributes.

    PREPARING FOR CYBERATTACKS: A CASE STUDY OF RESILIENCE IN THE HEALTH-CARE SECTOR

    Nowadays, health-care organizations rely extensively on information technology and systems for providing high-quality services to their patients and exchanging data with external partners. However, these organizations, processes, and operations are vulnerable to criminal activities and digital security breaches, which has led health-care organizations to build various protection mechanisms, including firewalls, virus scanners, and security policies that enhance their ability to prepare for threats; design activities to be conducted during a cyberattack; and implement means to recover from an unfortunate event. Although these moves have been acknowledged in research and in practice, there is still little knowledge available on how organizations understand and perceive such events as well as their consequences. To this end, we conducted a qualitative case study that included 14 interviews with diverse key actors at a Finnish hospital. From them, we aimed to understand how the organization has prepared for cyberattack resilience. By generalizing our case research, we built a framework for analyzing and improving organizational resilience. This framework makes significant contributions both to theory and practice.

    SMS-I: Intelligent Security for Cyber–Physical Systems

    Critical infrastructures are an attractive target for attackers, mainly due to the catastrophic impact of these attacks on society. In addition, the cyber–physical nature of these infrastructures makes them more vulnerable to cyber–physical threats and makes the detection, investigation, and remediation of security attacks more difficult. Therefore, improving cyber–physical correlations, forensics investigations, and Incident response tasks is of paramount importance. This work describes the SMS-I tool that allows the improvement of these security aspects in critical infrastructures. Data from heterogeneous systems, over different time frames, are received and correlated. Both physical and logical security are unified and additional security details are analysed to find attack evidence. Different Artificial Intelligence (AI) methodologies are used to process and analyse the multi-dimensional data exploring the temporal correlation between cyber and physical Alerts and going beyond traditional techniques to detect unusual Events, and then find evidence of attacks. SMS-I’s Intelligent Dashboard supports decision makers in a deep analysis of how the breaches and the assets were explored and compromised. It assists and facilitates the security analysts using graphical dashboards and Alert classification suggestions. Therefore, they can more easily identify anomalous situations that can be related to possible Incident occurrences. Users can also explore information, with different levels of detail, including logical information and technical specifications. SMS-I also integrates with a scalable and open Security Incident Response Platform (TheHive) that enables the sharing of information about security Incidents and helps different organizations better understand threats and proactively defend their systems and networks. This research was funded by the Horizon 2020 Framework Programme under grant agreement No 832969. This output reflects the views only of the author(s), and the European Union cannot be held responsible for any use which may be made of the information contained therein. For more information on the project see: http://satie-h2020.eu/.