Abstract
Cybersecurity breaches are a serious threat to economies and organisations across the globe in today's digital landscape. Phishing attacks are one of the most common ways that these threats infiltrate businesses, and they have developed into sophisticated strategies that make use of compromised accounts and exploit legitimate credentials for advanced attacks such as lateral phishing. This paper investigates the processes that security practitioners employ to verify the identity of account owners when they suspect that an account has been compromised. Through semi-structured interviews with 13 cybersecurity professionals, we report on how practitioners use diverse strategies for contacting suspected employees, including direct and indirect contact through line managers. We discuss the complexities in communication strategies during security incidents.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of BCS HCI 2024 |
| Editors | Dan Fitton, Matt Horton |
| Publisher | BCS Learning & Development Ltd. |
| Pages | 136-145 |
| Number of pages | 10 |
| Publication status | Published - 13 Mar 2025 |
| Event | 37th International BCS Human-Computer Interaction Conference - University of Central Lancashire, Preston, United Kingdom; Duration: 15 Jul 2024 → 17 Jul 2024; Conference number: 37th; https://bcshci.org/ |
Publication series
| Name | Electronic Workshops in Computing (eWiC) |
|---|---|
| Publisher | BCS Learning & Development Ltd. |
| ISSN (Electronic) | 1477-9358 |
Conference
| Conference | 37th International BCS Human-Computer Interaction Conference |
|---|---|
| Abbreviated title | BCS HCI 2024 |
| Country/Territory | United Kingdom |
| City | Preston |
| Period | 15/07/24 → 17/07/24 |
Keywords
- Incident response
- Cybersecurity practitioners
- Account compromise