To explore the effectiveness of embedded training, we conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and to a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing.  The results from three trials showed that framing had no significant effect on the likelihood that a participant would click on a subsequent spear phishing email, and that many participants either clicked on all links or none regardless of whether they received training or what kind of training they received. The results suggest that embedded training was ineffective because employees failed to read the training materials. We were therefore unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks. Dr. Caputo will discuss the study results, why users may have feared the training, and what this means for strengthening our human firewalls against advanced spear phishing attacks.


Deanna D. Caputo received her Ph.D. in Social and Personality Psychology from Cornell University, with specialization in Judgment and Decision-making and Psychology and Law. She currently works in the Washington D.C area for the MITRE Corporation as a Principal Behavioral Psychologist supporting the United States law enforcement and intelligence communities, and previously worked for the US Department of Defense as a senior human factors intelligence analyst. Dr. Caputo has almost 20 years experience in designing, conducting, and analyzing experimental research with human participants, using both quantitative and qualitative analyses. She is also proficient in profiling human decision-making behavior and conducting social network analyses. Her main area of research and operational consultation is human behavior and cyber security, particularly insider threat. Dr. Caputo has multiple psychological articles published in peer-reviewed journals, authored a book chapter, and her most recent publications are "Going Spear phishing: Exploring Embedded Training and Awareness," IEE Security & Privacy, (In Press); "Leveraging Behavioral Science to Mitigate Cyber Security Risk, Computers and Security, May 2012; and "Detecting the Theft of Trade Secrets by Insiders: A Summary of MITRE Insider Threat Research," IEEE Security & Privacy, Nov/Dec 2009.


About the WATCH series:

Transforming today's trusted but untrustworthy cyberinfrastructure into one that can meet society's growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and  actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF's Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and sponsored by the CISE Secure and Trustworthy Cyberspace (SaTC) Program. Talks will be recorded and made available over the Internet.


For technical questions during the webcast contact [email protected] or call one of our technical support numbers to the right.

For the webcast, please tune in 15 minutes prior to the start time for the event and test your video player. This live event will be captioned in compliance with Section 508.

The event will be archived for 3 months - viewable at http://www.tvworldwide.com/events/nsf/130926 and http://www.fededtv.com/. Participants should have the Windows Media Player or Flash player installed to view the event.

(links to the webcast are in the upper-right corner of this page)


About NSF
The National Science Foundation (NSF) is an independent federal agency that supports fundamental research and education across all fields of science and engineering. In fiscal year (FY) 2009, its budget is $9.5 billion, which includes $3.0 billion provided through the American Recovery and Reinvestment Act. NSF funds reach all 50 states through grants to over 1,900 universities and institutions. Each year, NSF receives about 44,400 competitive requests for funding, and makes over 11,500 new funding awards.MORE

About TVWorldwide.com

Founded in 1999, TV Worldwide (www.tvworldwide.com) developed the first Internet TV network of community-based Internet TV channels, primarily targeting niche professional communities ranging from the Maritime industry to the Digital Media sector. Known by many in the industry as "Internet TV for Smart People", Fortune 500 companies, 18 federal government agencies, and numerous International associations including the National Association of Broadcasters, utilize TV Worldwide's live and archived state-of-the art video streaming content applications and Internet TV channels. In recognition of the company's unique achievements in new media, TV Worldwide was selected by the National Academy of Television Arts and Sciences (NATAS) to webcast the Daytime Emmy Awards and the Emmy awards for Technology and Engineering 2007 through 2009. CEO Dave Gardy has been honored by Streaming Media Magazine in 2008 as one of the 25 Most Influential People in Streaming Media. Mr. Gardy also currently serves as the President of the International Webcasting Association (IWA) (www.webcasters.org).