|
|||
Abstract To explore the effectiveness of embedded training, we conducted a large-scale experiment that tracked workers' reactions to a series of carefully crafted spear phishing emails and to a variety of immediate training and awareness activities. Based on behavioral science findings, the experiment included four different training conditions, each of which used a different type of message framing. The results from three trials showed that framing had no significant effect on the likelihood that a participant would click on a subsequent spear phishing email, and that many participants either clicked on all links or none regardless of whether they received training or what kind of training they received. The results suggest that embedded training was ineffective because employees failed to read the training materials. We were therefore unable to determine whether the embedded training materials created framing changes on susceptibility to spear phishing attacks. Dr. Caputo will discuss the study results, why users may have feared the training, and what this means for strengthening our human firewalls against advanced spear phishing attacks. Speaker Deanna D. Caputo received her Ph.D. in Social and Personality Psychology from Cornell University, with specialization in Judgment and Decision-making and Psychology and Law. She currently works in the Washington D.C area for the MITRE Corporation as a Principal Behavioral Psychologist supporting the United States law enforcement and intelligence communities, and previously worked for the US Department of Defense as a senior human factors intelligence analyst. Dr. Caputo has almost 20 years experience in designing, conducting, and analyzing experimental research with human participants, using both quantitative and qualitative analyses. She is also proficient in profiling human decision-making behavior and conducting social network analyses. Her main area of research and operational consultation is human behavior and cyber security, particularly insider threat. Dr. Caputo has multiple psychological articles published in peer-reviewed journals, authored a book chapter, and her most recent publications are "Going Spear phishing: Exploring Embedded Training and Awareness," IEE Security & Privacy, (In Press); "Leveraging Behavioral Science to Mitigate Cyber Security Risk, Computers and Security, May 2012; and "Detecting the Theft of Trade Secrets by Insiders: A Summary of MITRE Insider Threat Research," IEEE Security & Privacy, Nov/Dec 2009. |
|||
About the WATCH series: Transforming today's trusted but untrustworthy cyberinfrastructure into one that can meet society's growing demands requires both technical advances and improved understanding of how people and organizations of many backgrounds perceive, decide to adopt, and actually use technology. WATCH aims to provide thought-provoking talks by innovative thinkers with ideas that illuminate these challenges and provide signposts toward solutions. The series is jointly organized by NSF's Computer Science and Engineering (CISE) and Social, Behavioral, and Economic (SBE) Directorates and sponsored by the CISE Secure and Trustworthy Cyberspace (SaTC) Program. Talks will be recorded and made available over the Internet. |
|||
|
|||
About NSF About TVWorldwide.com Founded in 1999, TV Worldwide (www.tvworldwide.com) developed the first Internet TV network of community-based Internet TV channels, primarily targeting niche professional communities ranging from the Maritime industry to the Digital Media sector. Known by many in the industry as "Internet TV for Smart People", Fortune 500 companies, 18 federal government agencies, and numerous International associations including the National Association of Broadcasters, utilize TV Worldwide's live and archived state-of-the art video streaming content applications and Internet TV channels. In recognition of the company's unique achievements in new media, TV Worldwide was selected by the National Academy of Television Arts and Sciences (NATAS) to webcast the Daytime Emmy Awards and the Emmy awards for Technology and Engineering 2007 through 2009. CEO Dave Gardy has been honored by Streaming Media Magazine in 2008 as one of the 25 Most Influential People in Streaming Media. Mr. Gardy also currently serves as the President of the International Webcasting Association (IWA) (www.webcasters.org). |