Author Information
Gloria Stewart, Marymount University, United States

Abstract
The nature of phishing attacks and scams is more sophisticated than ever before. The craft deployed by the adversary renders status quo training ineffective. In 2020, private citizens, employees, and healthcare professionals fell prey to an influx of phishing attacks due to the COVID-19 pandemic. Unlike animals, which use innate behavioral strategies [1] and learned behaviors to thwart dangers found in their environments, people repeatedly gravitate towards things deemed trustworthy. Understanding phishing attacks through a predator's lens increases the efficacy of employee training. Predation, the act of injuring, exploiting, or plundering others for personal gain [2], is a necessary pillar for training front-line employees to deal with diverse attacks from advanced persistent threats. We propose equipping public citizens and employees with a cyber predator acuteness to decrease the risk of phishing, spear phishing, scams, and ransomware attacks during a post-COVID-19 era. Key tenets of the Cyber Predator Acuity Framework include deploying real-world scenarios that, when married to zero trust and the National Institute of Science and Technology (NIST) Phish Scales approach with user work context and phishing cues, offer promise for lessening the likelihood of a data breach. Foundational tenets of cyber-predator acuity require individuals to (1) use adaptive processing cue sets (visual, sensory, and tactile) and contexts to foster an anti-predator mindset, (2) identify predatory tendencies, (3) deflect attacks using two key risk-based methodologies (risk transfer and risk avoidance), and (4) deploy strategies to increase cyber defenses and maintain a consistent cybersecurity awareness posture.