Lecturer in Cyber Security
1:00 PM Achieving a Digital Stranger Danger Mentality by Heightening the Basic Cyber Skills and Awareness Standards across Departments
In 2017 the Australian Cyber Security Centre reported that 90% of 113 organisations surveyed (including 45 Government organisations) experienced phishing and social engineering as the most common form of attack in attempted security breaches.
Making basic cyber practices second nature and consistently improving staff awareness and skills can improve stakeholder confidence, minimise system interruptions, and potentially deliver other ancillary benefits, including breach prevention. Creating a strong security culture and behaviour locks the front door to the most common malicious breaches and is essential in achieving a secure system.
- The essential security checklist for all levels of workers within departments and organisations to make basic security prevention a behaviour
- Strategies for providing detection skills and awareness training in a resourceful and effective way – virtual training programs and educational suites
- Bridging the skills gap during digital transitions and up-skilling capability in responding to cyber threats
- Establishing a successful business case to influence leaders in uplifting department skills beyond technical expertise
2:20 PM PANEL DISCUSSION: Examining the Cloud as a Divergent Digital Landscape Instigating New Security Risks for Data
Government departments and agencies are trending towards aggregating critical systems. Unlike on-premise data storage, the cloud offers superior capacity, greater savings, convenience and increased data access flexibility. However, cloud services have created a systematic economic risk which requires reliance on vendors as a second party supply chain, reducing data control. Consequently, a new environment requires new methods of defence.
- Exploring vendor inspection frameworks to ensure a trustworthy and secure cloud solution.
- Defining cyber security risk management and insurance, as cloud service providers are not accountable for breaches.
- Exploring cloud innovation and encouraging staff to take a positive attitude towards the cloud and participate actively in training.
3:30 PM CASE STUDY: Developing a Threat Model for Organisations through a Gamified Approach to Thwart Phishing Attacks
A recently published threat report from the Australian Cyber Security Centre has revealed that phishing is still one of the dangerous cyber-crimes affecting both individuals and organisations. Automated anti-phishing tools have been developed and used to alert users of potentially fraudulent emails and websites. However, these tools are not entirely reliable in detecting phishing attacks, missing over 20 per cent of phishing websites because of the sensitive trust decisions made by humans during their online activities. Because it is not possible to completely avoid the end-user, one mitigating approach for cyber security is to educate and train the end-user in security prevention. This research proposal therefore aims to design and develop a serious game to educate individuals about online identity theft (distinguishing phishing emails and URLs from legitimate ones).
- Defining the proposed game which encourages users to enhance their avoidance behaviour through motivation to protect themselves from phishing attacks.
- Analysing records of how users employed their strategies to differentiate phishing attacks from legitimate ones through the game, and then developing a threat model that captures how cybercriminals leverage their attacks within the organisation through human exploitation.
- Future use of the developed threat model to develop countermeasures (i.e. both technical and non-technical) and educational interventions for the organisation.