Cyber immunity

Vaccinate yourself against social engineering

Comment

Introduction

Daily reports of confirmed new cases of COVID-19, deaths, measures taken or empty shelves in stores. It is not easy to keep calm, as proven by many examples of irrational reactions and human behaviour. Being afraid is normal. Fear is a natural response that stems from our nature of human being and protects us since long ago from threat, from some danger. We know it, you know it, unfortunately, they know it too. Fraudulent sites that exploit people's fear and anxiety resulting from the pandemic situation are on the rise. They are pretending to sell respirators, cure coronavirus with disinfectants or protesting 5G networks, while stealing your data and infecting your computer with malicious code.

Interdisciplinary team from Pavol Jozef Safarik University in Kosice, Slovakia wants to tackle this challenge by creating cyber immunity. If we are all vaccinated, our collective cyber immunity protects us from such attacks/viruses.

How are we proposing to create cyber immunity? By vaccinating people with education. Education is a means of addressing the cyber security of individuals and organizations. We propose modern, interactive, and user-friendly e-learning program with elements of gaming. Our goal is to educate people about cyber security by engaging multiple senses, critical thinking, and emotions.

Inspiration

Why

The problem

  • Top cybersecurity threats include social engineering.

  • Social engineering is a non-technical method of attack using the emotions (fear, anxiety) as well as the characteristics (trustworthiness, respect for authorities, curiosity) of people.

  • Social engineering has been working over 20 years.

  • Crisis situations like COVID-19 spread amplify human emotions and qualities.

         * Traditional teaching methods are not effective:

     * Websites with guaranteed advice are not accurate.  On-site learning is boring and its efficiency is low.

     * Users don't think that cyber threats affect them.

     * The attacker's methods are changing -> there is no solution to everything

Target group

A human being in position

  • Internet user, user of social networks - threats in the form of invasion of privacy and leakage of personal data, damage to good name and reputation.

  • The organizations - employ employees - threats in the form of leakage of personal data, know-how, damage to good name and reputation, legislative responsibilities and sanctions.

How

Replace the traditional way of education in cyber security awareness and provide security awareness solution based on:

  • engaging multiple senses,

  • developing critical thinking,

  • personally experience the cyber attack's consequences.

People do not engage more senses while learning: increase learning efficiency by engaging multiple senses.

People do not think critically: the issue of information security processed into interactive games and tasks will enable the development of critical thinking.

People do not think it affects them: use virtual reality to drag a user into a site security incident occurs (e.g. files are encrypted). Create a memorable experience that will increase attention to cyberattacks in the future.

Our product (online service) offers cyber immunization

  • learning how to respond to cyber security threats that may come.

  • the main goal is not treatment but vaccine.

  • offer a proactive solution and not a reactive

Users

  • testing, testing on real cases (email messages, posts on social networks, SMS messages)

  • evaluation of the decision

  • testing the situation after the problem occurs

Organisation

  • testing of its employees

  • providing a proactive solution

  • compliance with legal requirements

Challenges we ran into

  • how to show users that security threats affect them - security feelings (Virtual reality)

  • how to effectively teach users to defend against security threats - gamification

Business plan

Business canvas model

Within Cyber immunity we also consider the feasibility, economic and societal value, resources, market knowledge and sustainability of the solution. We have addressed these issues in Business models canvas of Cyber immunity in more detail.

What's next for Cyber immunity

  • User accounts and personalized content for groups of users

  • Generating a certificate of completion

  • Admin dashboard for organizations to choose which content will be shown to which users and to track the completion of their employees

By the end of October 2020, there will be functional modules for passwords, phishing and web browsing, as well as VR videos, evaluations and reports for participants and organizations.

Built With

Share this project:

Updates