
User Phishing Training Through Scientific Lure Crafting.pdf

Uploaded by: 竿*** ID: 981934 2025-11-29 49 pages 2.62MB

Pwning Phishing Training Through Scientific Lure Crafting
Dr. Christian Dameff, MD & Dr. Ariana Mirian, PhD
Black Hat 2025, Human Factors Track

Who are we?
- Associate professor UCSD
- Co-director UCSD Center for Healthcare Cybersecurity
- Security researcher focused on Internet measurement/security
- Currently Censys, Previously PhD UCSD

Agenda
- Background & Motivation
- Study Setup, Design, & Methods
- Lessons Learned (and what that means for users)
- Summary

Audience poll: Does user phishing training work?

Background + Motivation

Phishing Training works, right?
- Many organizations (including ours) perform trainings
- Annual cybersecurity awareness trainings
- Simulated phishing tests (embedded trainings)
- Teach a person to spot a phish, and they are trained for life
- “Human firewalls”

Background
- Much prior research is in favor of anti-phishing training, i.e.: Jampen et al. 2020
- Often lab studies
- Some recent studies that show opposite results, i.e.: Lain et al. 2022
- Increasingly real world studies with actual users

Problem: How do we reconcile these conflicting studies?
Underlying research question: What is the best modality for anti-phishing training?
Many different modalities, which to focus on?
- Static
- Interactive

Let's Treat Security Research like Medical Research
Medical Outcomes / Security Outcomes
- Evidence based cybersecurity should be the norm.
- Bloodletting & mercury = bad
- Instead of spending millions of dollars AND hours on ineffective solutions, let's find the EFFECTIVE ones with science.

Methodology
Not all evidence is equal
Randomized 19,000+ Employees into 5 Groups
- Control (no training)
- Generic static
- Generic interactive
- Contextual static
- Contextual interactive

Th

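Based on the research in "Pwning Phishing Training Through Scientific Lure Crafting", the key points of the full text are as follows:

1. **Research background**: Although many organizations run anti-phishing training, research results are inconsistent, and the best training modality needs to be determined.
2. **Research method**: More than 19,000 employees were randomly assigned to five groups for an 8-month experiment that included different types of phishing training and simulated tests.
3. **Research findings**:
   - **Impact of phishing lure design**: Phishing lure design has a significant effect on user failure rates, indicating that lure design is critical to training outcomes.
   - **Limited training effect**: Monthly embedded training improved the user failure rate by only 1.7% on average, indicating that the effect of training is limited.
   - **Low user engagement**: Users spend very little time on training; static training is less effective, while interactive training is more effective.
4. **Conclusions and recommendations**:
   - More effective training methods need to be found.
   - Security outcomes should be analyzed empirically, and data should be shared to improve the state of security.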