Department-Specific Security Awareness Campaigns: A Cross-Organizational Study of HR and Accounting
- URL: http://arxiv.org/abs/2511.22189v1
- Date: Thu, 27 Nov 2025 07:55:15 GMT
- Title: Department-Specific Security Awareness Campaigns: A Cross-Organizational Study of HR and Accounting
- Authors: Matthias Pfister, Giovanni Apruzzese, Irdin Pekaric,
- Abstract summary: We find that HR is targeted through job applications containing malware and executive impersonation, while accounting is exposed to invoice fraud, credential theft, and ransomware. Based on these insights, we propose recommendations for designing awareness programs tailored to departmental needs.
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Many cyberattacks succeed because they exploit flaws at the human level. To address this problem, organizations rely on security awareness programs, which aim to make employees more resilient against social engineering. While some works have suggested that such programs should account for contextual relevance, the common praxis in research is to adopt a "general" viewpoint. For instance, instead of focusing on department-specific issues, prior user studies sought to provide organization-wide conclusions. Such a protocol may lead to overlooking vulnerabilities that affect only specific subsets of an organization. In this paper, we tackle such an oversight. First, through a systematic literature review, we provide evidence that prior literature poorly accounted for department-specific needs. Then, we carry out a multi-company and mixed-methods study focusing on two pivotal departments: human resources (HR) and accounting. We explore three dimensions: threats faced by these departments; topics covered in the security-awareness campaigns delivered to these departments; and delivery methods that maximize the effectiveness of such campaigns. We begin by interviewing 16 employees of a multinational enterprise, and then use these results as a scaffold to design a structured survey through which we collect the responses of over 90 HR/accounting members of 9 organizations. We find that HR is targeted through job applications containing malware and executive impersonation, while accounting is exposed to invoice fraud, credential theft, and ransomware. Current training is often viewed as too generic, with employees preferring shorter, scenario-based formats like videos and simulations. These preferences contradict the common industry practice of annual sessions. Based on these insights, we propose recommendations for designing awareness programs tailored to departmental needs and workflows.
Related papers
- Agents of Chaos [50.53354213047402]
We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment. Twenty AI researchers interacted with the agents under benign and adversarial conditions. Our findings establish the existence of security-, privacy-, and governance-relevant vulnerabilities in realistic deployment settings.
arXiv Detail & Related papers (2026-02-23T16:28:48Z)
- Are Your Agents Upward Deceivers? [73.1073084327614]
Large Language Model (LLM)-based agents are increasingly used as autonomous subordinates that carry out tasks for users. This raises the question of whether they may also engage in deception, similar to how individuals in human organizations lie to superiors to create a good image or avoid punishment. We observe and define agentic upward deception, a phenomenon in which an agent facing environmental constraints conceals its failure and performs actions that were not requested without reporting.
arXiv Detail & Related papers (2025-12-04T14:47:05Z)
- When AI Agents Collude Online: Financial Fraud Risks by Collaborative LLM Agents on Social Platforms [101.2197679948061]
We study the risks of collective financial fraud in large-scale multi-agent systems powered by large language model (LLM) agents. We present MultiAgentFraudBench, a large-scale benchmark for simulating financial fraud scenarios.
arXiv Detail & Related papers (2025-11-09T16:30:44Z)
- Identity Theft in AI Conference Peer Review [50.18240135317708]
We discuss newly uncovered cases of identity theft in the scientific peer-review process within artificial intelligence (AI) research. We detail how dishonest researchers exploit the peer-review system by creating fraudulent reviewer profiles to manipulate paper evaluations.
arXiv Detail & Related papers (2025-08-06T02:36:52Z)
- Mapping Stakeholder Needs to Multi-Sided Fairness in Candidate Recommendation for Algorithmic Hiring [0.0]
This paper presents a multi-stakeholder approach to fairness in a candidate recommender system. Job seekers, companies, recruiters, and other job portal employees were interviewed. We use these interviews to explore their lived experiences of unfairness in hiring.
arXiv Detail & Related papers (2025-07-29T11:37:19Z)
- Towards Principled Unsupervised Multi-Agent Reinforcement Learning [49.533774397707056]
We present a scalable, decentralized, trust-region policy search algorithm to address the problem in practical settings. We show that optimizing for a specific objective, namely mixture entropy, provides an excellent trade-off between tractability and performances.
arXiv Detail & Related papers (2025-02-12T12:51:36Z)
- The Only Way is Ethics: A Guide to Ethical Research with Large Language Models [53.316174782223115]
'LLM Ethics Whitepaper' is an open resource for NLP practitioners and those tasked with evaluating the ethical implications of others' work. Our goal is to translate ethics literature into concrete recommendations and provocations for thinking with clear first steps. 'LLM Ethics Whitepaper' distils a thorough literature review into clear Do's and Don'ts, which we present also in this paper.
arXiv Detail & Related papers (2024-12-20T16:14:43Z)
- Cybersecurity Challenge Analysis of Work-from-Anywhere (WFA) and Recommendations guided by a User Study [1.1749564892273827]
Many organizations were forced to quickly transition to the work-from-anywhere (WFA) model as a necessity to continue with their operations and remain in business despite the restrictions imposed during the COVID-19 pandemic. This paper attempts to uncover some challenges and implications related to the cybersecurity of the WFA model. We conducted an online user study to investigate the readiness and cybersecurity awareness of employers and their employees who shifted to work remotely from anywhere.
arXiv Detail & Related papers (2024-09-11T18:47:04Z)
- A Safe Harbor for AI Evaluation and Red Teaming [124.89885800509505]
Some researchers fear that conducting such research or releasing their findings will result in account suspensions or legal reprisal. We propose that major AI developers commit to providing a legal and technical safe harbor. We believe these commitments are a necessary step towards more inclusive and unimpeded community efforts to tackle the risks of generative AI.
arXiv Detail & Related papers (2024-03-07T20:55:08Z)
- Resolving the Human Subjects Status of Machine Learning's Crowdworkers [29.008050084395958]
We investigate the appropriate designation of ML crowdsourcing studies. We highlight two challenges posed by ML: the same set of workers can serve multiple roles and provide many sorts of information. Our analysis exposes a potential loophole in the Common Rule, where researchers can elude research ethics oversight by splitting data collection and analysis into distinct studies.
arXiv Detail & Related papers (2022-06-08T17:55:01Z)
- Weaving Privacy and Power: On the Privacy Practices of Labor Organizers in the U.S. Technology Industry [2.446409405016844]
This study is situated at the intersection of two pivotal shifts in workplace dynamics: the increase in online workplace communications due to remote work and the resurgence of the labor movement. We investigate how labor organizers assess and mitigate risks to privacy while engaging in collective action. We conclude with design recommendations that can help create safer, more secure and more private tools to better address the risks that organizers face.
arXiv Detail & Related papers (2022-05-31T18:18:47Z)
- Differentially Private Multi-Agent Planning for Logistic-like Problems [70.3758644421664]
This paper proposes a novel strong privacy-preserving planning approach for logistic-like problems. Two challenges are addressed: 1) simultaneously achieving strong privacy, completeness and efficiency, and 2) addressing communication constraints. To the best of our knowledge, this paper is the first to apply differential privacy to the field of multi-agent planning.
arXiv Detail & Related papers (2020-08-16T03:43:09Z)
- Surveying Vulnerable Populations: A Case Study of Civil Society Organizations [9.467149414264039]
We conducted an anonymous online survey with 102 CSO employees to collect information about their perceived risks of different security and privacy threats. We uncovered several issues with our methodology, including the length of the survey, the framing of the questions, and the design of the recruitment email. We hope that the discussion presented in this paper will inform and assist researchers and practitioners working on understanding and improving the security and privacy of CSOs.
arXiv Detail & Related papers (2020-03-19T05:30:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.