Every major breach in recent years, from the Sony Picture Entertainment hack, where hackers released sensitive insider information, to the Office of Personnel Management breach, where 20 million federal government employee records were compromised, began with a phishing attack. Phishing is the proverbial “tip of the spear” used by cyber criminals to get a foothold into an organization’s networks. It has been used for crimes ranging from identity and intellectual property theft to financial fraud, cyber espionage, and hacktivism, and is today the single biggest threat to cyber security.
This presentation provides an in-depth view of how phishing works and how hackers utilize it to infiltrate networks. It then presents the extant strategies being used to combat phishing and their relative effectiveness. The talk subsequently presents a theoretical model, the Suspicion, Cognition, Automaticity Model of Phishing Susceptibility (SCAM), which accounts for conscious cognitions as well as automatic habitual patterns of media use that lead to individual deception through phishing. Data from a number of “red team” type experiments using the SCAM’s framework are used to why explain today’s interventions are not as effective at combating phishing. The presentation culminates with suggestions on the future of cyber security and strategies to better protect it.
Time: 3 p.m.
Date: Wednesday, 03 Feb 2016
Venue: CNM Meeting Room AS6-03-33
Arun Vishwanath, Ph.D., MBA, is Associate Professor of Communication at the University at Buffalo. His research is on the diffusion, adoption, utilization, and mis-utilization of information technology. His present focus is on phishing and spoofing attacks and on finding ways to mitigate them. This work has led to an understanding of the joint role of conscious cognitions and automatic habits in determining individual victimization through such attacks. He is presently developing strategies for mitigating breaches and interventions that lead to better cyber hygiene.
Arun has authored over two dozen peer-reviewed research papers and his opinions on cybersecurity have been featured on CNN, BBC World News, The Conversation, The World Economic Forum, USA Today, and a host of other media outlets. His research on phishing is currently funded by the National Science Foundation and he is also working with teams from the NSA, NIST, DHS, and The White House’s OSTP in testing strategies for better protecting computer networks in the federal government.