Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection

Black Hat USA 2018

Presented by: Kingkane Malmquist
Date: Wednesday August 08, 2018
Time: 10:30 - 10:55
Location: Lagoon JKL

The purpose of an information security awareness program serves to protect business data through user education to properly handle constant information security threats and to minimize its impact to the individual and the organization. Past research has not offered comprehensive studies involving an established security awareness program that uses both end user training and marketing tools to communicate and create awareness. Instead, these studies focused on the impact of data loss and addressing the importance of establishing user awareness.

The Office of Information Security at Mayo Clinic has established an ongoing enterprise-wide security awareness program. With the help of Information Security Ambassadors to assist in the delivery of this message, the study explores the lived experiences of this peer group to determine the impact of autonomous peer influence as it relates to phishing detection than to rely on technology alone.

Significance of this research will help identify if and how much peer influence promotes learning and user adaptation to safeguard users from malicious phishing in both the business and the private environment. This phenomenological approach aims to assist in the designing of a multifaceted security awareness approach to promote behavior change among a diverse population.

Kingkane Malmquist

Kingkane Malmquist is an Information Security Analyst who works within Mayo Clinic's Office of Information Security by providing consultative support and analysis to further enhance the enterprise's ecosystem of people, processes, and technology. She recognizes the feeling of being secured does not always translate to being secured, and as our world becomes largely dependent on electronic data, the technology we use to help us feel secure only addresses half of the problem; the human element remains to be the first line of defense. Kingkane holds a BA in psychology and an MS in human services. She is a PhD candidate in healthcare administration at Walden University and is concluding her doctoral dissertation on the impact of developing a multifaceted security awareness approach to effectively promote organizational behavior change.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats