=Paper=
{{Paper
|id=Vol-3713/preface
|storemode=property
|title=None
|pdfUrl=https://ceur-ws.org/Vol-3713/preface.pdf
|volume=Vol-3713
}}
==None==
https://ceur-ws.org/Vol-3713/preface.pdf
PREFACE
DAMOCLES: First International Workshop on Detection And Mitigation Of Cyber
attacks that exploit human vuLnerabilitiES
The pervasive nature of technology in our daily lives has significantly enhanced our world, yet
it has also left us vulnerable to cyber threats. By 2025, global cybercrime costs are projected
to soar to $10.5 trillion annually from $3 trillion in 2015. In this landscape, cyber attacks are
increasingly recognized as stemming not only from technological shortcomings but also from
human factors overlooked in the design of interactive systems. Reports from cybersecurity
leaders like IBM and Verizon reveal that as much as 95% of cyber attacks are attributable to
human errors, such as inadvertently opening phishing websites, downloading malware-
infected attachments, failing to update software, and using weak passwords. The challenges
were exacerbated during the pandemic, which exploited users' fear, stress, and distraction
while working remotely. Italian public administrations (PAs) are particularly targeted by cyber
criminals, facing a digitalization deficit underscored by the European Union's Digital Economy
and Society Index (DESI). This disparity is especially notable in cybersecurity, where Italian
PAs invest a mere 3% of their budgets significantly less than the private sector's 15% to 20%
allocation. Small and mid-sized government agencies, including schools, municipalities, and
agencies, struggle daily with limited financial and human resources that hinder their ability to
address cybersecurity concerns internally or through external consultation.
The imminent intensification of Italy's PA digitalization program, as promoted by the National
Recovery and Resilience Plan (PNRR), foresees an exponential increase in cyber threats. The
PNRR aims to leverage digital channels like websites and apps to enhance citizen access to
information and services. However, without a comprehensive cybersecurity strategy centered
on users, the sensitive data and services managed by PAs remain at considerable risk.
The DAMOCLES project enhances the digital defense of Italian public administrations (PAs)
against human error-related security incidents. It uses a framework with two components:
Human Vulnerability Assessment (HVA) and Human Vulnerability Mitigation (HVM). HVA
identifies risky behaviors through prevention (questionnaires), detection (simulated cyber-
attacks), and simulation (Digital Twins). HVM then uses these insights to create customized
training programs using various methods like podcasts and role-playing games. DAMOCLES
will be tailored to specific PAs through user-friendly approaches, ensuring easy adoption and
effectiveness in diverse environments.
To shed light on these critical issues, we organized the first edition of the DAMOCLES
workshop in conjunction with the 17th International Conference on Advanced Visual Interfaces
(AVI 2024), with the aim of opening the discussion to all interested researchers and
practitioners.
Twelve papers were originally submitted to the workshop. Eight of them, published in these
proceedings, were presented, in presence, and led to a fruitful discussion which involved the
authors and other attendees as well.
Several topics were addressed.
CEUR
ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
�The workshop showcased a wide range of topics and research inquiries within the
cybersecurity field, exemplified by the 8 quality submissions from esteemed universities
across Italy, featuring the participation of more than 26 researchers. Discussions explored
diverse aspects of cybersecurity, tackling significant challenges and presenting innovative
methodologies. Areas of focus included strategies to reduce human errors and cognitive
biases to enhance human-AI collaboration in cybersecurity, the utilization of white-box
techniques such as statistical model checking and process mining for validating threat models,
and the development of effective incident reporting systems to unlock insights from security
incidents. Additionally, submissions examined the influence of human factors on simulated
phishing campaigns and the application of machine learning techniques to benchmark fake
account datasets. Other topics investigated methods to combat vishing attacks through real-
time user guidance employing large language models, the role of human factors and
perception in cybersecurity education, and the creation of dynamic knowledge assessment
techniques for tailoring network traffic visual platform interfaces. These discussions
collectively highlighted the interdisciplinary nature of research on human factors in
cybersecurity and proposed innovative strategies to tackle intricate cybersecurity issues.
We are planning to have new editions of the international DAMOCLES workshop in the near
future, so as to foster the exploration of novel solutions, perspectives and challenges.
The workshop organizers
Bernardo Breve, University of Salerno
Giuseppe Desolda, University of Bari “Aldo Moro”
Vincenzo Deufemia, University of Salerno
Lucio Davide Spano, University of Cagliari
Copyright © 2024 for the individual papers by the papers' authors. Copyright © 2024 for the
volume as a collection by its editors. This volume and its papers are published under the
Creative Commons License Attribution 4.0 International (CC BY 4.0)
�