Share Email Print
cover

Proceedings Paper • new

Long lasting effects of awareness training methods on reducing overall cyber security risk
Author(s): Georgios Pouraimis; Konstantinos-Georgios Thanos; Athanassios Grigoriadis; Stelios C. A. Thomopoulos
Format Member Price Non-Member Price
PDF $17.00 $21.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

Social Engineering holds one of the most critical threats to public and private organizations. In this paper we focus on phishing threats by measuring the positive impact that awareness methods may provide to them in a long-term period to companies and public bodies. The assessment criterion uses two phishing attacks in a period of 18 weeks. The phishing attack comprises a hook mail containing a link to a credentials harvesting website. Users’ reaction and user agent fingerprints are used in order to calculate a risk score for each victim. By applying chi square – tests it was found that there is a statistically significant score improvement for participants that were trained via the awareness methods. Furthermore, a risk analysis is conducted to identify, quantify and prioritize potential risks that could negatively affect the end-user’s operations. The main idea concerning this proposed technique is the fact that the assessment methods can assist the employees to develop skills and abilities in order to use the digital world safely, avoiding phishing attacks. The risk analysis findings indicate that the awareness approach has significant improvement in long term lasting risk reduction. The study was conducted as part of the European Horizon 2020 DOGANA project which aims to deploy effective mitigation strategies and lead to reduce the risk created by modern Social Engineering 2.0 attack techniques. The results obtained in this paper corroborate the results obtained by the EU funded project SAINT from the econometric analysis and modeling of the cybercrime and cyber security markets.

Paper Details

Date Published: 7 May 2019
PDF: 11 pages
Proc. SPIE 11018, Signal Processing, Sensor/Information Fusion, and Target Recognition XXVIII, 110180N (7 May 2019); doi: 10.1117/12.2518934
Show Author Affiliations
Georgios Pouraimis, National Technical Univ. of Athens (Greece)
Konstantinos-Georgios Thanos, National Ctr. for Scientific Research Demokritos (Greece)
Athanassios Grigoriadis, Hellenic National Defence General Staff (Greece)
Stelios C. A. Thomopoulos, National Ctr. for Scientific Research Demokritos (Greece)


Published in SPIE Proceedings Vol. 11018:
Signal Processing, Sensor/Information Fusion, and Target Recognition XXVIII
Ivan Kadar; Erik P. Blasch; Lynne L. Grewe, Editor(s)

© SPIE. Terms of Use
Back to Top