Blunting the Phisher's Spear - A Risk-Based Approach

Explore a groundbreaking approach to combating spear phishing attacks in this 27-minute Black Hat conference talk. Delve into the limitations of current cybersecurity training methods and discover a novel, risk-based strategy for enhancing organizational cyber resilience. Learn about the Suspicion, Cognition, Automaticity Model (SCAM) and how it informs the development of an employee Cyber Risk Index (CRI). Understand how this innovative approach can revolutionize user training, access management, and overall cybersecurity practices. Gain insights into the factors contributing to phishing victimization and explore ways to implement individualized, cognitive-behavioral training techniques. Examine the potential impact of evidence-based admin privilege allocation and discover how these paradigm-shifting solutions can significantly improve an organization's defense against sophisticated phishing threats.

Intro
Who am I
The People Problem
Our Research Program
Convince People
Training Approach
Academic Research
Recent Study
The Problem
The Scale Model
The Suspicious Cognition Automaticity Model
Cognitive Misers
Risk Beliefs
Device Habits
Cyber Risk Index