Högskolan i Skövde

Publications (10 of 68)
Nohlberg, M. & Schrefel, P. (2026). Learning to Deceive: Attacker Skill Acquisition in a Vishing Simulation Study. In: Steven Furnell; Nathan Clarke (Ed.), Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, Proceedings. Paper presented at 19th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2025, Mytilene, Greece, July 7–9, 2025 (pp. 62-74). Cham: Springer
2026 (English). In: Human Aspects of Information Security and Assurance: 19th IFIP WG 11.12 International Symposium, HAISA 2025, Mytilene, Greece, July 7–9, 2025, Proceedings / [ed] Steven Furnell; Nathan Clarke, Cham: Springer, 2026, p. 62-74. Conference paper, Published paper (Refereed)
Abstract [en]

Social engineering continues to pose a serious threat to information security, not because of its technical complexity, but because it exploits ordinary human behavior. While research has thoroughly examined user susceptibility and awareness training, we know far less about how attackers actually develop their skills in real-world settings. This study follows the learning process of a beginner conducting vishing calls in the Austrian healthcare system. Using a predefined script and some anticipated responses, the attacker, with no prior experience, made 20 phone-based attempts to deceive staff. A successful attempt meant persuading the target to visit a fake internal webpage and read a short code aloud, simulating a harmless but realistic breach. Over time, the attacker quickly moved from hesitant reading to confident improvisation, responding to feedback in real time. Many targets were friendly and helpful, often offering little resistance, which created a reinforcing loop. The attacker gained confidence and refined their approach with each call. These findings show how easily someone can become effective at social engineering through practice alone, and how everyday workplace interactions can unintentionally serve as training ground. For organizations, especially in high-trust environments like healthcare, this points to the need to rethink not just training but also the way communication and challenge behavior are structured.

Place, publisher, year, edition, pages
Cham: Springer, 2026
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 761
Keywords
security awareness, Social engineering, vishing, Artificial intelligence, Engineering education, Human computer interaction, Industrial management, Information systems, Information use, Network security, Personnel training, Healthcare systems, Human behaviors, Learning process, Real world setting, Simulation studies, Skills acquisition, Technical complexity, Behavioral research
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-26013 (URN); 10.1007/978-3-032-02504-3_5 (DOI); 2-s2.0-105021820230 (Scopus ID); 978-3-032-02503-6 (ISBN); 978-3-032-02506-7 (ISBN); 978-3-032-02504-3 (ISBN)
Conference
19th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2025, Mytilene, Greece, July 7–9, 2025
Note

© IFIP International Federation for Information Processing 2026.

Correspondence Address: M. Nohlberg; School of Informatics, University of Skövde, Skövde, Sweden; email: marcus.nohlberg@his.se

Available from: 2025-11-27; Created: 2025-11-27; Last updated: 2025-12-01; Bibliographically approved
Kävrestad, J., Burvall, F. & Nohlberg, M. (2025). A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA). Information and Computer Security, 33(2), 141-160
2025 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 33, no. 2, p. 141-160. Article in journal (Refereed). Published
Abstract [en]

Purpose

Developing cybersecurity awareness (CSA) is becoming a more and more important goal for modern organizations. CSA is a complex sociotechnical system where social, technical and organizational aspects affect each other in an intertwined way. With the goal of providing a holistic representation of CSA, this paper aims to develop a taxonomy of factors that contribute to organizational CSA.

Design/methodology/approach

The research used a design science approach including a literature review and practitioner interviews. A taxonomy was drafted based on 71 previous research publications. It was then updated and refined in two iterations of interviews with domain experts.

Findings

The result of this research is a taxonomy which outlines six domains of importance for organizational CSA. Each domain includes several activities which can be undertaken to increase CSA within an organization. As such, it provides a holistic overview of the CSA field.

Practical implications

Organizations can adopt the taxonomy to create a roadmap for internal CSA practices. For example, an organization could assess how well it performs in the six main themes and use the subthemes as inspiration when deciding on CSA activities.

Originality/value

The output of this research provides an overview of CSA based on information extracted from existing literature and then reviewed by practitioners. It also outlines how different aspects of CSA are interdependent on each other.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2025
Keywords
Awareness, Cybersecurity, Information security, Culture
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-24001 (URN); 10.1108/ics-11-2023-0209 (DOI); 001248981600001 (); 2-s2.0-85196288074 (Scopus ID)
Note

CC BY 4.0

Article publication date: 20 June 2024. Issue publication date: 29 April 2025

Corresponding author Joakim Kävrestad can be contacted at: joakim.kavrestad@ju.se

Available from: 2024-06-20; Created: 2024-06-20; Last updated: 2025-09-29; Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2025). Context-Based Micro-training (3ed.). In: Sushil Jajodia; Pierangela Samarati; Moti Yung (Ed.), Encyclopedia of Cryptography, Security and Privacy: (pp. 429-432). Cham: Springer
2025 (English). In: Encyclopedia of Cryptography, Security and Privacy / [ed] Sushil Jajodia; Pierangela Samarati; Moti Yung, Cham: Springer, 2025, 3, p. 429-432. Chapter in book (Other academic)
Abstract [en]

Definition

Context-Based Micro-Training (CBMT) is a method for implementing cybersecurity training for end-users. CBMT includes goals that describe what such training should aim to facilitate and guidelines that outline how.

Background

Users are expected to behave in a certain way in cyberspace to ensure cybersecurity. Policies and technical controls, for instance, provide rules that regulate how passwords should be created, how users should react to email, and what information is allowed to be given away on the phone. Yet, incorrect or insecure user actions continuously lead to cybersecurity incidents (Safa and Von Solms 2016). The use of training to support users towards secure behavior has been suggested by researchers for decades and is often used in practice. Such training can be delivered to users in different ways that can be grouped as follows:

Scheduled training often takes the form of a live lecture delivered physically or online.
On-demand training where the user will access ...

Place, publisher, year, edition, pages
Cham: Springer, 2025 Edition: 3
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-25075 (URN); 10.1007/978-3-030-71522-9_1781 (DOI); 2-s2.0-105002550703 (Scopus ID); 978-3-030-71522-9 (ISBN); 978-3-030-71520-5 (ISBN)
Available from: 2025-04-24; Created: 2025-04-24; Last updated: 2025-09-29; Bibliographically approved
Kävrestad, J., Bergström, E., Stavrou, E. & Nohlberg, M. (2025). Useful but for Someone Else - An Explorative Study on Cybersecurity Training Acceptance. In: Nathan Clarke; Steven Furnell (Ed.), Human Aspects of Information Security and Assurance: 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part II. Paper presented at 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024 (pp. 47-60). Cham: Springer
2025 (English). In: Human Aspects of Information Security and Assurance: 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part II / [ed] Nathan Clarke; Steven Furnell, Cham: Springer, 2025, p. 47-60. Conference paper, Published paper (Refereed)
Abstract [en]

Insecure user behavior is the most common cause of cybersecurity incidents. Insecure behavior includes failing to detect phishing, insecure password management, and more. The problem has been known for decades, and state-of-the-art mitigation methods include security education, training, and awareness (SETA). A common problem with SETA is, however, that users do not seem to adopt it to a high enough extent. When users are not adopting SETA, its intended benefit is lost. Previous research argues for personalized SETA and suggests that different user groups have different SETA needs and preferences. The characteristics of those groups are, however, unknown. To that end, this research draws on an existing dataset to identify how different populations perceive different SETA methods. A quantitative analysis shows that users in different demographic groups have different SETA preferences, with age being the most impactful demographic. A qualitative analysis reveals further factors that impact user adoption of SETA, with cost and ease of use being important factors for further research. 

Place, publisher, year, edition, pages
Cham: Springer, 2025
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 722
Keywords
Awareness, Cybersecurity, Education, Human Factor, SETA, Training, User, Phishing, Cyber security, Education training, Password management, Security awareness, Security education, Security training, User behaviors
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-24794 (URN); 10.1007/978-3-031-72563-0_4 (DOI); 001561043300004 (); 2-s2.0-85211347407 (Scopus ID); 978-3-031-72562-3 (ISBN); 978-3-031-72565-4 (ISBN); 978-3-031-72563-0 (ISBN)
Conference
18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024
Projects
VISKA; ICANP
Funder
Swedish Civil Contingencies Agency, MSB 2021-14650; Swedish Civil Contingencies Agency, MSB 2023-10887
Note

© IFIP International Federation for Information Processing 2025

Correspondence Address: J. Kävrestad; School of Engineering, Jönköping University, Jönköping, Sweden; email: joakim.kavrestad@ju.se

We gratefully acknowledge the grants from the Swedish Civil Contingencies Agency (MSB), projects VISKA (MSB 2021-14650) and ICANP (MSB 2023-10887).

Available from: 2024-12-19; Created: 2024-12-19; Last updated: 2025-10-17; Bibliographically approved
Dansarie, M. & Nohlberg, M. (2025). User adoption of TETRA mobile radio communication networks: an information security perspective. Information and Computer Security, 33(5), 766-784
2025 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 33, no. 5, p. 766-784. Article in journal (Refereed). Published
Abstract [en]

Purpose – Digital mobile radio communication networks are used for coordinating operations in many important sectors, including critical infrastructures and large industries. Despite this, there is a dearth of knowledge about how their information security is managed. The most commonly used standard for such networks is TETRA. Given the critical role of TETRA networks, this study aims to clarify how they are used, how their users manage information security and the implications of vulnerabilities in the standard.

Design/methodology/approach – The study is based on semi-structured interviews with representatives from 11 organizations in Sweden that own and operate TETRA networks, representing 32% of registered users in the country and a wide range of users and applications. Thematic analysis was used to analyze the data.

Findings – Management of TETRA networks is generally outsourced, leaving TETRA network owners with scant knowledge of the state of security in their networks. Although organizations have high demands on availability and integrity, the use of encryption and authentication is rare. Instead, users generally rely on the protocol’s complexity and obscurity for security. Because organizations’ core operations are often dependent on functioning TETRA networks, attacks can have severe consequences.

Originality/value – Previous research on security in digital mobile radio communication networks has focused on technical vulnerabilities in standards. This study is the first, to the best of the authors’ knowledge, to investigate users’ approaches to information security, the potential consequences of attacks and the implications of known security issues in this context.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2025
Keywords
Digital mobile radio communication networks, TETRA, Information security
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-25198 (URN); 10.1108/ics-12-2024-0318 (DOI); 001500100900001 (); 2-s2.0-105007982813 (Scopus ID)
Note

CC BY 4.0

Received: December 03 2024 | Revision Received: March 21 2025 | Accepted: April 30 2025

Corresponding author: Marcus Dansarie can be contacted at: marcus.dansarie@fhs.se

Available from: 2025-06-12; Created: 2025-06-12; Last updated: 2025-10-27; Bibliographically approved
Hedberg, D., Lundgren, M. & Nohlberg, M. (2024). Cybersecurity in modern cars: awareness and readiness of auto workshops. Information and Computer Security, 32(4), 407-419
2024 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 32, no. 4, p. 407-419. Article in journal (Refereed). Published
Abstract [en]

Purpose: This study aims to explore auto mechanics' awareness of repairs and maintenance related to the car’s cybersecurity and provide insights into challenges based on current practice.

Design/methodology/approach: This study is based on an empirical study consisting of semistructured interviews with representatives from both branded and independent auto workshops. The data was analyzed using thematic analysis. A version of the capability maturity model was introduced to the respondents as a self-evaluation of their cybersecurity awareness.

Findings: Cybersecurity was not found to be part of the current auto workshop work culture, and that there is a gap between independent workshops and branded workshops. Specifically, in how they function, approach problems and the tools and support available to them to resolve (particularly regarding previously unknown) issues.

Research limitations/implications: Only auto workshop managers in Sweden were interviewed for this study. This role was picked because it is the most likely to have come in contact with cybersecurity-related issues. They may also have discussed the topic with mechanics, manufacturers or other auto workshops – thus providing a broader view of potential issues or challenges.

Practical implications: The challenges identified in this study offer actionable advice to car manufacturers, branded workshops and independent workshops. The goal is to further cooperation, improve knowledge sharing and avoid unnecessary safety or security issues.

Originality/value: As cars become smarter, they also become potential targets for cyberattacks, which in turn poses potential threats to human safety. However, research on auto workshops, which has previously ensured that cars are road safe, has received little research attention with regards to the role cybersecurity can play in repairs and maintenance. Insights from auto workshops can therefore shed light upon the unique challenges and issues tied to the cybersecurity of cars, and how they are kept up-to-date and road safe in the digital era.

Place, publisher, year, edition, pages
Emerald Publishing, 2024
Keywords
Auto workshop security, Connected car, Vehicle cybersecurity, Cybersecurity, Current practices, Cyber security, Design/methodology/approach, Empirical studies, On currents, On-currents, Repair and maintenance, Roads and streets
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-23599 (URN); 10.1108/ICS-11-2023-0211 (DOI); 001153515300001 (); 2-s2.0-85183841672 (Scopus ID)
Note

CC BY 4.0 LEGAL CODE

© 2024, Emerald Publishing Limited.

Article publication date: 1 February 2024

Correspondence Address: D. Hedberg; School of Informatics, University of Skövde, Skövde, Sweden; email: davidhedberg@hotmail.com

Available from: 2024-02-15; Created: 2024-02-15; Last updated: 2025-09-29; Bibliographically approved
Kävrestad, J., Rambusch, J. & Nohlberg, M. (2024). Design principles for cognitively accessible cybersecurity training. Computers & Security, 137, Article ID 103630.
2024 (English). In: Computers & Security, ISSN 0167-4048, E-ISSN 1872-6208, Vol. 137, article id 103630. Article in journal (Refereed). Published
Abstract [en]

Exploiting human behavior to gain unauthorized access to computer systems has become common practice for modern cybercriminals. Users are expected to adopt secure behavior to avoid those attackers. This secure behavior requires cognitive processing and is often seen as a nuisance which could explain why attacks exploiting user behavior continue to be a fruitful approach for attackers. While adopting secure behavior can be difficult for any user, it can be even more difficult for users with cognitive disabilities. This research focuses on users with cognitive disabilities with the intent of developing design principles for the development of cognitively accessible cybersecurity training. The target group is estimated to include almost 10 % of all users but is previously understudied. The results show that the target group experiences cybersecurity as cognitively demanding, sometimes to a degree that becomes incapacitating. Participating in cybersecurity training requires cognitive energy which is a finite resource. Cognitively accessible cybersecurity training requires a minimalist design approach and inclusion of accessibility functions. A minimalist design approach, in this case, means that both informative and design elements should be kept to a minimum. The rationale is that all such elements require cognitive processing which should be kept to a minimum.

Place, publisher, year, edition, pages
Elsevier, 2024
Keywords
Accessible security, Cognitive accessibility, Cybersecurity training, Cybersecurity training design, Usable security, Behavioral research, Network security, Cognitive processing, Cyber security, Design Principles, Training design, Cybersecurity
Research subject
Informationssystem (IS); GAME Research Group
Identifiers
urn:nbn:se:his:diva-23469 (URN); 10.1016/j.cose.2023.103630 (DOI); 001134538700001 (); 2-s2.0-85178635646 (Scopus ID)
Funder
The Swedish Post and Telecom Authority (PTS), 19-10617
Note

CC BY 4.0 DEED

© 2023 The Author(s)

Correspondence Address: J. Kävrestad; Jönköping School of Engineering, Jönköping, Gjuterigatan 5, 551 11, Sweden; email: joakim.kavrestad@ju.se; CODEN: CPSED

This research was funded by the Swedish Post and Telecom Authority under grant number 19-10617.

Available from: 2023-12-14; Created: 2023-12-14; Last updated: 2025-09-29; Bibliographically approved
Kävrestad, J. & Nohlberg, M. (2024). Ett fundament i den svenska högre utbildningsmodellen är att kombinera forskning och undervisning. Aktuell säkerhet (2024-01-08)
2024 (Swedish). In: Aktuell säkerhet, no. 2024-01-08. Article in journal (Other (popular science, discussion, etc.)). Published
Abstract [sv]

Joakim Kävrestad, senior lecturer in computer science at Tekniska Högskolan i Jönköping, and Marcus Nohlberg, associate professor of information technology at Högskolan i Skövde, disagree with Jan Kallberg that Swedish cybersecurity research should be concentrated in a few places.

Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-23515 (URN)
Note

Reply

Available from: 2024-01-08; Created: 2024-01-08; Last updated: 2025-09-29; Bibliographically approved
Nohlberg, M. (2024). Låt inte din partner ta över din digitala värld: Cyberforskare: Kraschar relationen kan det bli stora problem. Aftonbladet (2024-10-02), pp. 6-6
2024 (Swedish). In: Aftonbladet, ISSN 1103-9000, no. 2024-10-02, p. 6-6. Article in journal, News item (Other (popular science, discussion, etc.)). Published
Abstract [sv]

DEBATE. Gender equality is not only about equal pay and shared responsibility in the home. In today's digital society, cybersecurity is a basic prerequisite for real equality.

More than 30,000 people in Sweden currently live with a protected identity, often because of violence in close relationships. For them, a lack of cyber competence becomes a barrier that makes it harder to leave destructive relationships and regain their freedom.

Place, publisher, year, edition, pages
Schibsted Media, 2024
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-24598 (URN)
Note

Published 2024-10-02 06.00

Available from: 2024-10-08; Created: 2024-10-08; Last updated: 2025-09-29; Bibliographically approved
Kävrestad, J., Furnell, S. & Nohlberg, M. (2024). User perception of Context-Based Micro-Training – a method for cybersecurity training. Information Security Journal, 33(2), 121-137
2024 (English). In: Information Security Journal, ISSN 1939-3555, E-ISSN 1939-3547, Vol. 33, no. 2, p. 121-137. Article in journal (Refereed). Published
Abstract [en]

User behavior is one of the biggest challenges to cybersecurity in modern organizations. Users are continuously targeted by attackers and required to have sufficient knowledge to spot and avoid such attacks. Different training methods are suggested and used in the industry to support users to behave securely. The challenge remains, and improved methods for end-user cybersecurity training are needed. This paper introduces and evaluates user perception of a method called Context-Based Micro-Training (CBMT). This approach suggests that training should be delivered in short sequences when the information is of direct relevance. The intention is to provide training directly related to the user’s current situation while also providing an awareness-increasing effect. This notion is tested in a survey-based evaluation involving 1,452 respondents from Sweden, Italy, and the UK, comparing the perception of CBMT against the experience of traditional approaches. The results emphasize that current methods are not effective enough and show that CBMT is perceived positively by respondents in all sample groups. The study further evaluated how demographic aspects impact the perception of CBMT and found that a diverse group of users can appreciate it.

Place, publisher, year, edition, pages
Taylor & Francis, 2024
Keywords
cybersecurity, end-user, perception, training
Research subject
Informationssystem (IS)
Identifiers
urn:nbn:se:his:diva-22660 (URN); 10.1080/19393555.2023.2222713 (DOI); 001004357200001 (); 2-s2.0-85161683304 (Scopus ID)
Funder
Vinnova, 2019-05021
Note

CC BY 4.0

Published online: 09 Jun 2023

CONTACT Joakim Kävrestad, joakim.kavrestad@his.se

The work was supported by VINNOVA under the grant [2019-05021].

Available from: 2023-06-09; Created: 2023-06-09; Last updated: 2025-10-06; Bibliographically approved
Projects
Supporting secure behavior using ContextBased MicroTraining [2019-05021_Vinnova]; Högskolan i Skövde; Publications
Kävrestad, J., Furnell, S. & Nohlberg, M. (2024). User perception of Context-Based Micro-Training – a method for cybersecurity training. Information Security Journal, 33(2), 121-137
Identifiers
ORCID iD: orcid.org/0000-0001-5962-9995