Category Archives: enterprise security

WannaCry: A Case Study for the Multitude of Cybersecurity Dimensions

I was recently asked to speak to the media about WannaCry. While preparing for the interview (see the video below), I’ve realized that this particular case is a good illustration of the various dimensions of cybersecurity: Continue reading

Going After Vulnerable Population to Defend It

The orthodox paradigm to defend against automated social-engineering attacks in large-scale socio-technical systems is reactive and victim-agnostic. Defenses generally focus on identifying the attacks/attackers (e.g., phishing emails, social-bot infiltrations, malware offered for download). To change the status quo, we propose in our paper presented at NSPW ’16 to identify, even if imperfectly, the vulnerable user population, that is, the users that are likely to fall victim to such attacks. Once identified, information about the vulnerable population can be used in two ways. Continue reading