A Case Study of Phishing Incident Response in an Educational Organization

Cited by: 12
Authors
Althobaiti K. [1 ,2 ]
Jenkins A.D.G. [1 ]
Vaniea K. [1 ]
Affiliations
[1] The University of Edinburgh, Edinburgh
Source
1600 / Association for Computing Machinery, vol. / issue 05
Keywords
distributed cognition; ITIL framework; phishing; phishing incident; phishing management; reactive security;
DOI
10.1145/3476079
CLC classification number
C [Social Sciences, General];
Subject classification code
03 ; 0303 ;
Abstract
Malicious communications aimed at tricking employees are a serious threat for organizations, necessitating the creation of procedures and policies for quickly responding to ongoing attacks. While automated measures provide some protection, they cannot completely protect an organization. In this case study, we use interviews and observations to explore the processes staff at a large University use when handling reports of malicious communication, including how the help desk processes reports, whom they escalate them to, and how teams who manage protections such as the firewalls and mail relays use these reports to improve defenses. We found that the process and work patterns are a distributed cognitive process requiring multiple distinct teams with narrow system access and tacit knowledge. Sudden large campaigns were found to overwhelm the help desk with reports, greatly impacting staff's workflow and hindering the effective application of mitigations and the potential for reflection. We detail potential improvements to ticketing systems and reflect on ITIL, a common framework of best practice in IT management. © 2021 ACM.