I will be on a panel on “Understanding the Risks and Prevention” at Cyber Security Forum, organized by the Greater Vancouver Board of Trade on October 20.
Category Archives: enterprise security
Understanding the Risks and Prevention
WannaCry: A Case Study for the Multitude of Cybersecurity Dimensions
I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I’ve realized that this particular case is a good illustration of the various dimensions of cybersecurity: Continue reading
Going After Vulnerable Population to Defend It
The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose in our paper presented at NSPW ’16 to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. Continue reading
