New Trends in Deception

They say, everything old is new again. That may be true, but it doesn’t diminish the fact that technology allows age-old principles and tactics to operate in ways and at scales previously unimaginable. So, what does that mean for deception?

This session will explore the topic of deception from multiple angles. We’ll start by looking at the psychological principles of deception and consider the application of deceptive techniques throughout history. With that foundation set, we’ll look at a number of new and scary ways cybercriminals, governments, and every day folk can easily mount highly effective deception-based attacks.

Empirically Evaluating the Effect of Security Precautions on Cyber Incidents

Available data on firm cybersecurity often exhibits a positive correlation between investment in security precautions and cyber attacks since investments are often made after a firm has been breached. In this talk, I will present econometric evidence that greater firm investment in cybersecurity does in fact yield results. Drawing from a comprehensive survey of Israeli firms, we find that organizations adopting a suite of six basic cybersecurity controls are less likely to subsequently experience incidents. We successfully establish this relationship by carefully an instrumental variable to compensate for unknowns in the timing of security investments that often plague empirical work in cybersecurity. These findings have significant public policy implications, especially as governments demand greater returns to cybersecurity investments that can be objectively evaluated. I will conclude the talk by discussing several strategies for gathering additional data to increase the evidence base for making sound cybersecurity decisions moving forward.