Trust No One

Presentation overview

Phishing remains a significant threat to organisations, with attackers continually refining their tactics to exploit human vulnerabilities. Over the past few years, these tactics have grown in sophistication, with even experts struggling to effectively identify complex social engineering attacks. As a result, there has been a growing trend towards personalising training programs to better equip individuals against these threats. While this approach has its merits, I propose a shift in focus towards broader training strategies that emphasise the identification of suspicious contexts over specific technical details.

In this talk, I will use the context of lateral phishing attacks, where our research demonstrates a reliance on employee reports, to demonstrate why existing approaches to phishing training require a rethink. I then propose a different approach to support employees in the detection of sophisticated phishing attacks.

Biography

James is an Associate Professor in the Department of Computer and Information Sciences at Northumbria University. James’ broad area of work is around human-centred cybersecurity, with special interests in social engineering, older adults, and peer influence.

His recent work focuses on improving the cybersecurity awareness and behaviours of communities through embedding knowledgeable peers to encourage open discussions around security and serve as behaviour change role models. James has also developed tools and methodologies for uncovering and understanding employees’ mental models of security threats with the aim of improving training programmes and/or organisational policies.