Dr. John W. Coffey holds a B.S. in Psychology from the College of William and Mary (1971), a B.S. in Systems Science (1989), an M.S. in Computer Science/Software Engineering (1992), and an Ed.D. with an emphasis in Computer Science (2000) from the University of West Florida (UWF). He was one of the first members of the Institute for Human and Machine Cognition (IHMC) and has worked with that organization for many years. He has been in the Department of Computer Science at the University of West Florida since 1992, starting as a Lecturer and working his way up to his current rank of Professor. He has published more than 100 refereed journal articles, book chapters, technical reports, and conference papers. His research interests include knowledge elicitation and representation, web services and Service Oriented Architecture, advanced technology for education, and computer science education.
End user error continues to be a significant root cause of cybersecurity breaches. Despite widespread progress in establishing training for end users, and a slight downward trend in compromises mediated by end user error as a percentage of all successful attacks and data breaches, the absolute number of successful attacks continues to rise. This talk will provide details on two major categories of end user error: failure to detect social engineering attacks, and unintended data disclosures that do not result from social engineering attacks.
Modern social engineering attacks are sophisticated operations that bear little resemblance to early, primitive phishing exploits. This talk will address the evolution of social engineering attacks, their modern forms, and the attributes of susceptible users, including the important role of social media in helping attackers craft highly targeted attacks.
Significant amounts of sensitive data continue to be exposed through unintended data disclosures that are not precipitated by social engineering attacks. While organizations are awash in broad guidelines for implementing training programs, most guidelines do not provide details on the most common and most damaging types of breaches. A detailed analysis of the Privacy Rights Clearinghouse database of data breaches reveals patterns in the errors end users make, and these patterns can inform highly targeted training programs. Summarizing that detailed data in service of more focused end user training is one goal of this proposed talk.