Abstract
Innovation in generative Artificial Intelligence (AI) has already been leveraged by cybercriminals to deliver AI-powered social engineering attacks, specifically phishing. This advancement adds to the challenges the cybersecurity community is already facing, such as a lack of motivation to change unsafe behaviors and low engagement with awareness raising, education and training activities. The problem is often attributed to the fact that activities communicate the same message to different audiences. This approach does not help people relate to the problem or realize the threat and how it can be transformed. To build cyber resilience against phishing, the workforce needs to realize how phishing can be delivered in the context of their working environment and what aspects a cybercriminal can leverage to make the attack more realistic and plausible. This requires the design of awareness raising, education and training activities that can deliver highly tailored and context-aware messages to different audiences, considering their job role and responsibilities. Generative AI has already demonstrated a high degree of creativity, which is imperative for creating tailored and effective awareness raising and training content. This study investigates how generative AI can be leveraged by stakeholders, such as educators and trainers, to develop tailored phishing attack scenarios. The scenarios can be embedded in awareness raising and training activities that can be delivered, e.g., over cyber ranges, aiming to enhance the workforce’s cyber resilience against phishing attacks. Investigations are performed in the context of the maritime domain.
Acknowledgments
This paper has received funding from the Digital Europe Programme (DIGITAL) under grant agreement project no. 101128049 - SecAwarenessTruss. The work reflects only the authors’ view, and the Agency is not responsible for any use that may be made of the information it contains.
Ethics declarations
The authors have no competing interests to declare that are relevant to the content of this article.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Loupasakis, M., Potamos, G., Stavrou, E. (2024). Revolutionizing Social Engineering Awareness Raising, Education and Training: Generative AI-Powered Investigations in the Maritime Domain. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2024. Lecture Notes in Computer Science, vol 14729. Springer, Cham. https://doi.org/10.1007/978-3-031-61382-1_5
DOI: https://doi.org/10.1007/978-3-031-61382-1_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-61381-4
Online ISBN: 978-3-031-61382-1
eBook Packages: Computer Science, Computer Science (R0)