CSF Forum 1: 21 February, 2018

January 31, 2018

Cyber-attacks are becoming increasingly sophisticated. The current breed of cyber criminals utilises attacks that exploit sophisticated social engineering techniques capable of consistently bypassing modern protection mechanisms. Despite the advancements in the technology used by network defence tools and endpoint protection products, determined cyber criminals are able to find their way into the enterprise by exploiting the weakest link: the user.

As reported by Verizon in the 2017  Annual Data Breach Investigations Report, 43% of successful cyber security breaches was based on social engineering attacks. Existing cyber defence tools focus on keeping threats outside the organisation. However, the actual threat can come from within the organisation. There is a need to start rethinking where cyber security technology should focus its attention and how it should deliver its promises.
The first Cyber Security Foundry Forum will shed some insights on how psychological and behavioural aspects of users affect the cyber security of an organisation and how new emergent technology based on blockchain can provide different and more effective solutions.

Location: Owen G Glenn Building, Building 260, Level 3, Room 321, 12 Grafton Road

4pm   Welcome by Associate Professor Giovanni Russello, Director of the Cyber Security Foundry

4.05pm   Psybersecurity: Human Behaviour and Network Security (Slides)
Associate Professor Paul Corballis – School of Psychology, The University of Auckland

Most efforts to improve network security are focused on technological developments to make networks more resilient to attack. The weakest link in most networks remains the human user, who must often make decisions about whether to provide information, open an attachment, or click a hyperlink. Cybersecurity, then, is as much a psychological or behavioural issue as a technological one.  Here I will discuss what we know – and what we don’t know – about who is most vulnerable to cyber-attacks, and under what circumstances, and suggest a possible way to improve resilience in human users based on established psychological principles.

4.35pm   User-Centered Security: A Human-Computer-Interaction Perspective (Slides
Dr Danielle Lottridge – Department of Computer Science, The University of Auckland

Cybersecurity breaches are often categorized in two types: either a technical weakness that can be hacked or a human weakness that can be exploited in other ways. But a human-computer-interaction perspective on security allows us to combine certain insights from engineering and psychology by relocating our analysis to the interface. In this talk, Dr. Lottridge will discuss the relevance to cybersecurity of recent HCI case studies of design that manages manipulative and highly emotional interactions, e.g., between trolls and the trolled, as well as recent research on the cognitive effects of media-multitasking, which has important implications for usable security.

5.05pm   Blockchain and Cybersecurity (Slides)
Associate Professor Alexandra Sims – Business School, The University of Auckland

The internet was designed without security in mind, it was after all a network for like-minded academics and others. While the internet’s openness has transformed society, the internet’s inherent lack of security is its Achilles heel. As more and more valuable information and assets are stored online cyberattacks are becoming increasingly sophisticated. In addition, the internet’s increasing role in the control of critical infrastructure and our day to day activities means that the importance of cybersecurity cannot be overstated. Blockchain promises to help enterprises and others secure and prevent fraudulent activities. While Blockchain is not a panacea for cyber security it promises to be a useful tool.

5.40pm   Refreshments and discussion

This event is by registration only. To register please send an email to Cornelia (c.bluefeld@auckland.ac.nz)