The Role of Phishing Victims’ Neuroticism: Reasons Behind the Lack of Consensus

The growing use of electronic devices along with the anxiety resulting from the COVID19 pandemic set the ground for cybercriminals to take advantage of a larger number of victims and undertake their massive phishing campaigns. Technical measures are widely developed, and the human factor is still the weakest link in the chain. Whilst existing literature suggests that the effect of neuroticism, as one of the Big-Five personality traits, might play an important role in human behaviour in the phishing context, results do not provide uniform outcomes with regards to the influence of this trait in phishing victimisation. With the aim to analyse those results, this article provides a synthesis of the studies aimed at improving the understanding of this trait, and collects evidence that the small samples size used in most of the studies along with their lack of uniformity are behind the contradictory conclusions found on the role of neuroticism and human susceptibility to phishing attacks.

IT Security Training and Awareness in the Multigenerational Workplace

For many organizations, increased cybersecurity training and employee aware-ness building have already played an increasingly significant role in their cyber-security strategies as a means of ensuring their policies are being followed, yet such organizations tend to offer generic, “one size fits all” training and awareness packages that do not sufficiently recognize important differences among employees. Among these are differences in attitude and outlook associated with generational cohorts. Through an examination of how these cohorts view various fac-tors that influence cybersecurity awareness, as well as the cohorts’ receptivity to different training methodologies, organizations can exploit generational characteristics to maximize the effectiveness of cybersecurity training for Baby Boomers, Generation X, Millennials, and imminently, Generation Z. A clear understanding of the intrinsic relationship between end-users and cybersecurity technology can help cybersecurity professionals act effectively to protect organizations’ critical IT infrastructure. Such effectiveness is more important than ever now, as sudden, massive increase in teleworking brought on by the COVID-19 pandemic, as well as the security challenges associated with this shift, will undoubtedly outlast it.

Cyber Diplomacy

The article aims to highlight issues related to the risks to both the European Union and the Member States, but at the same time seeks to highlight current legislative and political approaches applicable in cyberspace. This set of tools used in cyber diplomacy includes the concepts of cooperation and diplomatic dialogue (common cyber network of EU states, common cyber defense unit) but also measures to prevent cyber-attacks (European Union Cyber Security Strategy), as well as sanctions. Throughout this presentation, the main idea is supported by the cross-border nature of cyberspace.

Performance Evaluation of Selected Encryption Algorithms

Data security is a key aspect of today’s communication trend and growth. Various mechanisms have been developed to achieve this security. One is cryptography, which represents a most effective method of enhancing security and confidentiality of data. In this work, a hybrid based 136bit key algorithm involving a sequential combination of XOR (Exclusive –Or) encryption and AES (Advanced Encryption Standard) algorithm to enhance the security strength is developed. The hybrid algorithm performance is matched with XOR encryption and AES algorithm using encryption and decryption time, throughput of encryption, space complexity and CPU process time.

Cyber Awareness Exercises: Virtual vs On-site Participation & the Hybrid Approach

This paper examines the advantages and disadvantages of executing cyber awareness exercises in two different formats: Virtual vs On-site participation. Two EU Agencies, EUSPA and ENISA have organized in the previous years Cyber Awareness exercises; a very important tool to enhance and test the organization's ability to put up resistance and respond to different cyber threats. The objective of this paper is to compare the outcomes of these awareness exercises, executed on-site through physical attendance prior to 2019 and virtually, in a remote setup in 2020, due to the restrictions posed by the pandemic of COVID-19. ENISA in collaboration with EUSPA have accumulated raw and diverse data from the evaluation reports of the cyber events mentioned above. The comparison of these data will focus on the most important success factors of a cyber awareness exercise such as: participation, cooperation (social interaction/teambuilding), effectiveness, fun, tools and identify how the location of the participants affects them. The aim of this work is to highlight through statistical analysis the benefits of a hybrid approach to the exercise’s setup, once combining elements of both virtual and on-site. Depending on the different kind of exercises, such a hybrid setup, will provide more flexibility to an exercise organizer and help maximize effectiveness, while adapting to the fluctuating working regimes of the near future; namely Teleworking. Furthermore, a modular exercise design will be proposed in order to adapt to the location limitations without impacting negatively the rate of the rest of factors analyzed.

Re-Visiting Cyber Security Training in the COVID-19 Era

Cyber security training, as many other aspects in our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to re-visit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be equally effective to the classroom-delivered course, if not more effective at some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results which prove that COVID-19 pandemic has triggered the introduction of innovative and successful on-line training scenarios.

A Criminological Study on Trends of Cybercrimes Against Financial Institutions in Sri Lanka

Cybercrimes are virtual crimes that evolved according to nature and the intention of the culprit. Numerous cyber-attacks have been led by several anonymous groups to establish the censorship of information. As the technology used for any activity in the banking industry is continuously upgrading with monetary values as well as with information of clients, it is necessary to have a piece of updated knowledge on both cyber-attacks and technology for both clients and employees of the banking industry. Furthermore, it is crucial to study the nature, techniques and impact of cybercrimes as its techniques are continually evolving with technology. Moreover, it would be possible for individuals to assume that their confidential data and transactions are secured with the bank. This study investigated trends of cybercrimes against Sri Lankan financial institutions using seven Licensed Commercial Banks and uncovered its nature, techniques, impact and strategies that were applied by institutions for the protection of its clients.

Assessing the Actual Impact of a Cryptojacking Attack on Individual IT Systems and Measuring Legal Responses

Mining cryptocurrencies is much more profitable if one is not paying for equipment or the electricity used for the mining. This is the main reason why cryptojacking has become so prevalent as one of the predominant cybersecurity threats facing Europe today. While the robustness of an organisation is important, one should also know what to do following a security incident or breach. Whilst post-incident analyses are important, an organization should also ascertain their legal standing as well as any possible ways forward after the damage has been done. In order to have a better idea of such a situation, we conducted an in-depth analysis of what a cryptojacking attack would do to our computer network. We did not do that to better protect ourselves, but rather to assess what management can do after an attack happens. Furthermore, we present areas that should be taken into account when assessing damage and propose legal measures effective at the European Union level, relying on criminal, civil and data protection provisions.

Comparative Study of Various Forgery Detection Approach for Image Processing

Considering the availability of powerful image analysis and editing tools, digital images are easy to change and transfer. This is necessary to link or erase any important elements from any image without escaping any valid visible signs of interfering. Including its real-life apps in different areas, the copy move forgery method is analyzed in depth. Implementation phases for the detection of image forgery are also clarified, accompanied by various approaches using copy move forgery approach.

Cyber-Security and Its Future Challenges

This paper pertains to the existing challenges of cybersecurity, along with its threats in the future. On the other hand, the internet is expanding every day, and attackers see it as an opportunity to exploit people over the internet. In the future, this can lead to severe consequences in the coming time. This review paper reflects the challenges faced in cybersecurity and the terrible consequences of cyber threats in the future.