Tools
Tools
Henderson, Niklas 
ORCID: https://orcid.org/0000-0003-1585-9531, Pallett, Helen ORCID: https://orcid.org/0000-0001-5014-6356, van der Linden, Sander, Montanarini, Jake and Buckley, Oliver ORCID: https://orcid.org/0000-0003-1502-5721
(2024)
The disPHISHinformation Game: Creating a Serious Game to Fight Phishing Using Blended Design Approaches.
In: International Conference on Applied Human Factors and Ergonomics, 2024-07-24 - 2024-07-27, Université Côte d'Azur.
Preview |
PDF (978-1-964867-03-8_14)
- Published Version
Download (1MB) | Preview |
Abstract
Abstract: In 2022, 39% of all UK businesses reported identifying a cyber security attack against their own organisation, 83% of which were phishing attempts. A large body of research in cyber security focuses on technical solutions, however humans remain one of the most exploitable endpoints in an organisation. Traditional security training within organisations commonly includes point-and-click exercises and simple video media that employees are required to complete. These training exercises are often seen as unengaging and tedious, and employees are commonly pushed to complete training rather than encouraged to learn and self-educate. Simulations and games are increasingly being deployed for training purposes in organisations, however often either (a) simply raise cyber security awareness rather than deliver key security policy and content, or (b) lack accessibility with complex game pieces and rules not easily understandable by those not accustomed to playing games. We introduce the disPHISHinformation game: a customisable serious game to deliver phishing training specific to the threats businesses face on a day-to-day basis. Drawing on existing taxonomies, the game delivers content on email, voice, and SMS social engineering attacks, in a format that educates players in key social engineering features. In collaboration with a large service organisation, we have also developed a customised edition of disPHISHinformation game which reflects the targeted attacks faced by their staff. By creating an analog serious game to deliver key phishing training, we can stimulate higher employee engagement and deliver a more memorable experience.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Faculty \ School: | Faculty of Science > School of Computing Sciences Faculty of Science > School of Environmental Sciences |
| UEA Research Groups: | Faculty of Science > Research Groups > Environmental Social Sciences |
| Depositing User: | LivePure Connector |
| Date Deposited: | 02 Jul 2024 08:30 |
| Last Modified: | 11 Jul 2024 23:42 |
| URI: | https://ueaeprints.uea.ac.uk/id/eprint/95732 |
| DOI: | 10.54941/ahfe1004774 |
Downloads
Downloads per month over past year
Actions (login required)
 |
View Item |