Long lasting effects of awareness training methods on reducing overall cyber security risk

Georgios Pouraimis; Konstantinos-Georgios Thanos; Athanassios Grigoriadis; Stelios C. A. Thomopoulos

doi:10.1117/12.2518934

7 May 2019 Long lasting effects of awareness training methods on reducing overall cyber security risk

Georgios Pouraimis, Konstantinos-Georgios Thanos, Athanassios Grigoriadis, Stelios C. A. Thomopoulos

Proceedings Volume 11018, Signal Processing, Sensor/Information Fusion, and Target Recognition XXVIII; 110180N (2019) https://doi.org/10.1117/12.2518934
Event: SPIE Defense + Commercial Sensing, 2019, Baltimore, MD, United States

Abstract

Social Engineering holds one of the most critical threats to public and private organizations. In this paper we focus on phishing threats by measuring the positive impact that awareness methods may provide to them in a long-term period to companies and public bodies. The assessment criterion uses two phishing attacks in a period of 18 weeks. The phishing attack comprises a hook mail containing a link to a credentials harvesting website. Users’ reaction and user agent fingerprints are used in order to calculate a risk score for each victim. By applying chi square – tests it was found that there is a statistically significant score improvement for participants that were trained via the awareness methods. Furthermore, a risk analysis is conducted to identify, quantify and prioritize potential risks that could negatively affect the end-user’s operations. The main idea concerning this proposed technique is the fact that the assessment methods can assist the employees to develop skills and abilities in order to use the digital world safely, avoiding phishing attacks. The risk analysis findings indicate that the awareness approach has significant improvement in long term lasting risk reduction. The study was conducted as part of the European Horizon 2020 DOGANA project which aims to deploy effective mitigation strategies and lead to reduce the risk created by modern Social Engineering 2.0 attack techniques. The results obtained in this paper corroborate the results obtained by the EU funded project SAINT from the econometric analysis and modeling of the cybercrime and cyber security markets.

Citation Download Citation

Georgios Pouraimis, Konstantinos-Georgios Thanos, Athanassios Grigoriadis, and Stelios C. A. Thomopoulos "Long lasting effects of awareness training methods on reducing overall cyber security risk", Proc. SPIE 11018, Signal Processing, Sensor/Information Fusion, and Target Recognition XXVIII, 110180N (7 May 2019); https://doi.org/10.1117/12.2518934

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
11 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Information security

Error control coding

Holmium

Analytical research

Computer security

Data communications

Network security

Show All Keywords

Keywords/Phrases

Search In:

Publication Years