Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES (DAMOCLES 2024)
Authors: 
Bernardo Breve, 
Giuseppe Desolda, 
Vincenzo Deufemia, 
Lucio Davide SpanoAuthors Info & Claims
Article No.: 125, Pages 1 - 4
Abstract
Today, the pervasive influence of technology has created significant cybersecurity challenges, exacerbated by human error that is often overlooked in system design. Reports show that up to 95% of cyber attacks are due to human factors, such as susceptibility to phishing and lax software maintenance. Italian public administrations (PAs) face heightened cyber risks due to underinvestment compared to the private sector. To address these challenges, the DAMOCLES research project provides a tailored framework focusing on Human Vulnerability Assessment (HVA) and Human Vulnerability Mitigation (HVM). HVA activities include behavior-based assessments and controlled cyber-attack testing using Digital Twins (DT) to mirror user behavior. HVM uses insights from HVA to develop customized training programs, supported by non-coding approaches for easy adoption. DAMOCLES aims to improve cybersecurity in Italian government agencies by effectively addressing human-related security vulnerabilities.
References
[1]
Noor Hayani Abd Rahim, Suraya Hamid, Miss Laiha Mat Kiah, Shahaboddin Shamshirband, and Steven Furnell. 2015. A systematic review of approaches to assessing cybersecurity awareness. Kybernetes 44, 4 (2015), 606–622.
[2]
Talal Alharbi and Asifa Tassaddiq. 2021. Assessment of cybersecurity awareness among students of Majmaah University. Big Data and Cognitive Computing 5, 2 (2021), 23. https://doi.org/10.3390/bdcc5020023
[3]
Khalid Adnan Alissa, Hanan Abdullah Alshehri, Shahad Abdulaziz Dahdouh, Basstaa Mohammad Alsubaie, Afnan Mohammed Alghamdi, Abdulrahman Alharby, and Norah Ahmed Almubairik. 2018. An Instrument to Measure Human Behavior Toward Cyber Security Policies. In 2018 21st Saudi Computer Society National Computer Conference (NCC). 1–6. https://doi.org/10.1109/NCG.2018.8592978
[4]
Carmelo Ardito, Paolo Bottoni, Maria Francesca Costabile, Giuseppe Desolda, Maristella Matera, Antonio Piccinno, and Matteo Picozzi. 2013. Enabling end users to create, annotate and share personal information spaces. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 7897 LNCS (2013), 40 – 55. https://doi.org/10.1007/978-3-642-38706-7_5
[5]
Carmelo Ardito, Maria Francesca Costabile, Giuseppe Desolda, Markus Latzina, and Maristella Matera. 2015. Making mashups actionable through elastic design principles. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 9083 (2015), 236 – 241. https://doi.org/10.1007/978-3-319-18425-8_22
[6]
Tor T. Berre, Vemund Eggemoen, Thomas D. Haugrud, William H. Le, and Martin Sandnes. 2015. Phishing awareness among students at NTNU. 6th International Conference on Applied Human Factors and Ergonomics. 9 (2015), 1117–1124.
[7]
Paolo Buono, Giuseppe Desolda, Francesco Greco, and Antonio Piccinno. 2023. Let warnings interrupt the interaction and explain: designing and evaluating phishing email warnings. In Extended Abstracts of the 2023 CHI Conference on Human Factors in Computing Systems(CHI EA ’23). ACM, Article 197. https://doi.org/10.1145/3544549.3585802
[8]
European Commission. 2022. Italy in the Digital Economy and Society Index. https://digital-strategy.ec.europa.eu/en/policies/desi-italy. [Accessed 24-04-2024].
[9]
Fabrizio Corda, Marco Onnis, Matteo Pes, L Davide Spano, and Riccardo Scateni. 2019. BashDungeon: Learning UNIX with a video-game. Multimedia Tools and Applications 78 (2019), 13731–13746.
[10]
Adele Da Veiga and Jan H.P. Eloff. 2010. A framework and assessment instrument for information security culture. Computers & Security 29, 2 (2010), 196–207. https://doi.org/10.1016/j.cose.2009.09.002
[11]
Giuseppe Desolda. 2015. Enhancing workspace composition by exploiting linked open data as a polymorphic data source. Smart Innovation, Systems and Technologies 40 (2015), 97 – 108. https://doi.org/10.1007/978-3-319-19830-9_9
[12]
Giuseppe Desolda, Joseph Aneke, Carmelo Ardito, Rosa Lanzilotti, and Maria Francesca Costabile. 2023. Explanations in warning dialogs to help users defend against phishing attacks. International Journal of Human-Computer Studies 176 (2023), 103056. https://doi.org/10.1016/j.ijhcs.2023.103056
[13]
IBM. 2014. IBM Security Services 2014 Cyber Security Intelligence Index. https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/IBMSecurityServices2014.PDF. [Accessed 24-04-2024].
[14]
Giorgia Lallai, Giovanni Loi Zedda, Célia Martinie, Philippe Palanque, Mauro Pisano, and Lucio Davide Spano. 2021. Engineering task-based augmented reality guidance: application to the training of aircraft flight procedures. Interacting with Computers 33, 1 (2021), 17–39.
[15]
Pasquale Mancino. 2024. Piano triennale per l’informatica nella PA, tra AI e cyber security: principi, ruoli, monitoraggio. https://www.cybersecurity360.it/legal/piano-triennale-per-linformatica-nella-pa-tra-ai-e-cyber-security-principi-ruoli-monitoraggio/. [Accessed 24-04-2024].
[16]
Steve Morgan. 2015. Cybercrime To Cost The World $10.5 Trillion Annually By 2025. https://cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/. [Accessed 24-04-2024].
[17]
Verizon. 2022. Data Breach Investigations Report. https://www.verizon.com/business/en-gb/resources/2022-data-breach-investigations-report-dbir.pdf. [Accessed 24-04-2024].
Index Terms
- Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES (DAMOCLES 2024)
Recommendations
Towards a human factors assessment questionnaire for cybersecurity incidents
AVI '24: Proceedings of the 2024 International Conference on Advanced Visual InterfacesAssessing human vulnerability in cybersecurity is critical to understanding the relationship between human factors and the security of digital systems. This issue is exacerbated in areas such as public administration due to the sensitive nature of the ...
Human Factors in Phishing Attacks: A Systematic Literature Review
Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a trustworthy entity in digital communication. It is a type of cyber attack often successful because users are not aware of their vulnerabilities or are unable to ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
June 2024
578 pages
Copyright © 2024 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 03 June 2024
Check for updates
Author Tags
Qualifiers
- Extended-abstract
- Research
- Refereed limited
Funding Sources
- This work has been supported by the Italian Ministry of University and Research (MUR) under grant PRIN 2022 PNRR DAMOCLES: Detection And Mitigation Of Cyber attacks that exploit human vuLnerabilitiES
Conference
AVI 2024
AVI 2024: International Conference on Advanced Visual Interfaces 2024
June 3 - 7, 2024
Arenzano, Genoa, Italy
Acceptance Rates
AVI '24 Paper Acceptance Rate 21 of 82 submissions, 26%;
Overall Acceptance Rate 128 of 490 submissions, 26%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 38Total Downloads
- Downloads (Last 12 months)38
- Downloads (Last 6 weeks)7
Reflects downloads up to 21 Nov 2024
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format