Abstract
Cybersecurity breaches are a serious threat to economies and organisations across the globe in the digital landscape of today. Phishing attacks are one of the most common ways that these threats infiltrate businesses as they have developed into sophisticated strategies that make use of compromised accounts and exploit legitimate credentials for advanced attacks like lateral phishing. This paper investigates the processes employed by security practitioners in verifying the identity of account owners when suspecting a compromised account. Through semi-structured interviews with 13 cybersecurity professionals, we report on how practitioners are using diverse strategies for contacting suspected employees, including direct and indirect contact through line managers. We discuss the complexities in communication strategies during security incidents.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of BCS HCI 2024 |
| Place of Publication | London |
| Publisher | BCS Learning and Development Ltd. |
| Pages | 136-145 |
| Number of pages | 10 |
| DOIs | |
| Publication status | Published - 1 Jul 2024 |
| Event | 37th International BCS Human-Computer Interaction Conference - University of Central Lancashire, Preston, United Kingdom Duration: 15 Jul 2024 → 17 Jul 2024 Conference number: 37 https://bcshci.org/ |
Publication series
| Name | Electronic Workshops in Computing (eWiC) |
|---|---|
| Publisher | BCS Learning and Development Ltd. |
| ISSN (Print) | 1477-9358 |
Conference
| Conference | 37th International BCS Human-Computer Interaction Conference |
|---|---|
| Abbreviated title | BCS HCI 24 |
| Country/Territory | United Kingdom |
| City | Preston |
| Period | 15/07/24 → 17/07/24 |
| Internet address |
Keywords
- cybersecurity practitioners
- account compromise
- incident response