Search for: All records

Multifactor authentication (MFA) is one of the most important security controls, topping most lists of cyber hygiene activities advocated by experts. While the security benefits may be substantial, less attention has been paid to the impact on users by the added friction introduced by the more stringent precautions. In this paper, we construct and analyze a dataset of authentication logs from a University population spanning two years. We focus on opportunity costs experienced by users: (1) log-in failures and (2) the time spent away from IT applications following a failed authentication before attempting to re-authenticate. The second measure captures how user frustration can manifest by avoiding or delaying future engagement after experiencing failures. Following an exogenous change in MFA policy from a deny/approve mobile notification to a more cumbersome two-digit code mobile notification confirmation, we show that there are significant increases in the number of log-in failures and in time spent away following failures when using mobile MFA. We also briefly examine which types of users had the greatest difficulty adjusting to the more secure mobile MFA procedure. 

Cybersecurity risk presents a significant and growing challenge for firms. Understanding better how firms are defending themselves can help answer important questions about which controls are more effective and whether firms are investing enough in their defenses. Unfortunately, data on firm-level cybersecurity investments have been difficult for researchers to obtain at large scale. This paper describes a method for constructing firm-level cybersecurity posture metrics by aggregating a selection of data on security products tracked in the SWZD Company Information database. Our exploratory analysis demonstrates this dataset's value in enriching cybersecurity research, offering novel perspectives that could shape sector-specific best practices and enable empirical evaluation of security controls. 

The amphibian declines are compounded by emerging pathogens that often preferentially target distinct amphibian developmental stages. While amphibian immune responses remain relatively unexplored, macrophage (Mφ)-lineage cells are believed to be important to both amphibian host defenses and to their pathogen infection strategies. As such, a greater understanding of tadpole and adult amphibian Mφ functionality is warranted. Mφ biology is interdependent of interleukin-34 (IL-34) and colony-stimulating factor-1 (CSF-1) cytokines and we previously showed that CSF-1- and IL-34-derived Mφs of the Xenopus laevis frog are morphologically, transcriptionally, and functionally distinct. Presently, we directly compared the cytology and transcriptomes of X. laevis tadpole and frog CSF-1- and IL-34-Mφs. Our results indicate that tadpole and frog CSF-1-Mφs possess greater non-specific esterase activity, typically associated with Mφ-lineage cells. By contrast, both tadpole and frog IL-34-Mφs have greater specific esterase activity, which is typically attributed to granulocyte-lineage cells. Our comparisons of tadpole CSF-1-Mφ transcriptomes with those of tadpole IL-34-Mφs indicate that the two tadpole populations possess significantly different transcriptional profiles of immune and non-immune genes. The frog CSF-1-Mφ gene expression profiles are likewise significantly disparate from those of frog IL-34-Mφs. Compared to their respective tadpole Mφ subtypes, frog CSF-1- and IL-34-Mφs exhibited greater expression of genes associated with antigen presentation. Conversely, compared to their frog Mφ counterparts, tadpole CSF-1- and IL-34-Mφs possessed greater levels of select Fc-like receptor genes. Presumably, these cytological and transcriptional differences manifest in distinct biological roles for these respective tadpole and frog Mφ subtypes. 

As the number of cryptocurrencies has exploded in recent years, so too has the fraud. One popular strategy is when actors promote coordinated purchases of coins in hopes of temporarily driving up prices. Prior work investigating such pump and dump schemes has focused on the immediate impact to prices following pump signals, which were largely interpreted as following the same strategy. The reality, as with most cybercrimes, is that the operators of the schemes try out a much more heterogeneous mix of tactics. From a population of 12,252 pump signals observed between July 2017 and January 2019, we identify and examine 3,683 so-called target-based pump signals that announce promoted coins alongside buy and sell targets, but without a coordinated purchase time. We develop a strategy to measure the success of target pumps over longer time horizons. We find that around half of these pumps reach at least one of their sell targets, and that reaching their peak price often takes days, as opposed to the seconds or minutes required in pumps studied previously. We also examine the various groups promoting coins and present evidence that groups try a variety of distinct strategies and experience varying success. We find that the most successful groups promote many coins and issue many pumps, but not for the same coins. As decentralized finance becomes more popular, a deeper understanding of price manipulation techniques like target pumps is needed to combat fraud. 

Thousands of new cryptocurrencies have been introduced in recent years. Most are introduced with a so-called "whitepaper" containing a mix of technical documentation, legal boilerplate and marketing material. Notably, many proposed currencies reuse text from previous established cryptocurrencies. We analyze the whitepapers from 1 260 actively traded cryptocurrencies and 2 039 ICOs. We develop two measures of similarity. Moderately similar papers reuse text in a portion of the paper, often the legal disclaimers. By contrast, some highly similar whitepapers appear to copy most of the text. 4% of coin and 19% of ICO whitepapers are highly similar to those of traded coins. The fraction rises to 64% for coins and 67% for ICOs when we consider moderate text reuse. 

Since Bitcoin’s introduction in 2009, interest in cryptocurrencies has soared. One manifestation of this interest has been the explosion of newly created coins and tokens. In this paper, we analyze the dynamics of this burgeoning industry. We consider both cryptocurrency coins and tokens. The paper examines the dynamics of coin and token creation, competition and destruction in the cryptocurrency industry. In order to conduct the analysis, we develop a methodology to identify peaks in prices and trade volume, as well as when coins and tokens are abandoned and subsequently “resurrected”. We also study trading activity. Our data spans more than 4 years: there are 1082 coins and 725 tokens in the data. While there are some similarities between coins and tokens regarding dynamics, there are some striking differences as well. Overall, we find that 44% of publicly-traded coins are abandoned, at least temporarily. 71% of abandoned coins are later resurrected, leaving 18% of coins to fail permanently. Tokens experience abandonment less frequently, with only 7% abandonment and 5% permanent token abandonment at the end of the data. Using linear regressions, we find that market variables such as the bitcoin price are not associated with the rate of introducing new coins, though they are positively associated with issuing new tokens. We find that for both coins and tokens, market variables are positively associated with resurrection. We then examine the effect that the bursting of the Bitcoin bubble in December 2017 had on the dynamics in the industry. Unlike the end of the 2013 bubble, some alternative cryptocurrencies continue to flourish after the bursting of this bubble. 

Insurance premiums reflect expectations about the future losses of each insured. Given the dearth of cyber security loss data, market premiums could shed light on the true magnitude of cyber losses despite noise from factors unrelated to losses. To that end, we extract cyber insurance pricing information from the regulatory filings of 26 insurers. We provide empirical observations on how premiums vary by coverage type, amount, and policyholder type and over time. A method using particle swarm optimisation and the expected value premium principle is introduced to iterate through candidate parameterised distributions with the goal of reducing error in predicting observed prices. We then aggregate the inferred loss models across 6,828 observed prices from all 26 insurers to derive the County Fair Cyber Loss Distribution . We demonstrate its value in decision support by applying it to a theoretical retail firm with annual revenue of $50M. The results suggest that the expected cyber liability loss is $428K and that the firm faces a 2.3% chance of experiencing a cyber liability loss between $100K and $10M each year. The method and resulting estimates could help organisations better manage cyber risk, regardless of whether they purchase insurance.