Understanding Security Practitioners’ Experiences of Investigating Compromised Email Accounts

Neeranjan Chitare, Lynne Coventry, James Nicholson

Research output: Contribution to journalConference articlepeer-review

Abstract

Cybersecurity breaches are a serious threat to economies and organisations across the globe in the digital landscape of today. Phishing attacks are one of the most common ways that these threats infiltrate businesses as they have developed into sophisticated strategies that make use of compromised accounts and exploit legitimate credentials for advanced attacks like lateral phishing. This paper investigates the processes employed by security practitioners in verifying the identity of account owners when suspecting a compromised account. Through semi-structured interviews with 13 cybersecurity professionals, we report on how practitioners are using diverse strategies for contacting suspected employees, including direct and indirect contact through line managers. We discuss the complexities in communication strategies during security incidents.
Original languageEnglish
Pages (from-to)1-10
Number of pages10
JournalProceedings of the 37th International BCS Human Computer Interaction Conference (HCI 2024)
Publication statusAccepted/In press - 18 Jun 2024
Event37th International BCS Human-Computer Interaction Conference - University of Central Lancashire, Preston, United Kingdom
Duration: 15 Jul 202417 Jul 2024
Conference number: 37
https://bcshci.org/

Keywords

  • cybersecurity practitioners
  • account compromise
  • incident response

Cite this