top of page


Matthew Canham, Shanée Dawkins, Jody Jacobs

This study investigated factors influencing repeat clicking behavior in phishing attacks, focusing on individual characteristics like personality traits and expertise, social engineering tactics using the NIST Phish Scale, and contextual influences such as world events. Participants were surveyed on their individual differences and exposed to multiple phishing email campaigns to assess their susceptibility.

Matthew Canham

The study identifies two distinct employee groups regarding phishing susceptibility: repeat clickers, who frequently fall for phishing attacks, and protective stewards, who reliably detect and report phishing attempts. Factors like confidence in email judgment and checking habits differ between these groups, suggesting varying levels of vulnerability to cyber threats.

Stefan Sütterlin, Torvald F Ask, Sophia Mägerle, Sandra Glöckler, Leandra Wolf, Julian Schray, Alava Chandi, Teodora Bursac, Ali Khodabakhsh, Benjamin J Knox, Matthew Canham, Ricardo G Lugo

This study explores how political attitudes and agreement with message content influence individuals' ability to recognize AI-generated deep fakes, which are increasingly used in targeted cyber attacks and influencing public opinion. Participants assessed videos of politicians' statements, half of which were fabricated using lip-sync technology, evaluating both authenticity and agreement with the content.

Torvald F. Ask, Ricardo Lugo, Stefan Sütterlin, Matthew Canham, Daniel Hermansen, Benjamin J. Knox

Cognitive Warfare uses technology to shape how people think and act. Defending against it requires understanding its goals and methods, which can target human and nonhuman cognition. Existing frameworks don't universally categorize these strategies. The UnCODE system proposes a neurocentric approach to classify Cognitive Warfare goals, aiming to be practical for decision-makers across different contexts and species.

Stefan Sütterlin, Benjamin J. Knox, Kaie Maennel, Matthew Canham, Ricardo G. Lugo

This explores how digitalization in healthcare aims to enhance prevention, treatment, and efficiency while discussing its potential impact on achieving sustainable health goals, focusing on cybersecurity, privacy concerns, and trust in healthcare systems. It emphasizes the need for governance and policies to ensure long-term sustainability and effectiveness of digital health investments, as recognized by the WHO.

Matthew Canham, Stefan Sütterlin, Torvald Fossåen Ask, Benjamin James Knox, Lauren Glenister, Ricardo Gregorio Lugo

Humans inherently interpret ambiguous information, demonstrated in psychological tests and ambiguous figures, which can be exploited in information operations. ASID attacks capitalize on this by introducing culturally consistent narratives, ambiguous stimuli, promoting hypervigilance, and utilizing social networks. These low-risk tactics are attractive to adversaries in grey-zone conflicts due to their potential for significant influence with minimal investment.

Matthew Canham & Juliet Tuthill

This argues that traditional passive information security measures are inadequate against attackers, suggesting the adoption of Social Engineering Active Defense (SEAD) as more effective. It advocates for Offensive Countermeasures (OCM) including annoyance, attribution, and attack tactics to deter and identify attackers. It proposes using synthetic media and automated SEAD methods to counter online threats effectively.

Matthew Canham, Clay Posey, Michael Constantino

The 'Phish Derby' competition at a U.S. university explored how employees respond to phishing emails, revealing that past experience, age, education, and computer platform use influence reporting accuracy. Personality traits such as extraversion and agreeableness, along with a learning-focused goal orientation, were associated with lower detection rates, highlighting the need for comprehensive cybersecurity training strategies.

Ben D. Sawyer, Dave B. Miller, Matthew Canham, and Waldemar Karwowski

This discusses automation, autonomy, and artificial intelligence (AI) as technologies that augment human capabilities, offering non-human effort. It highlights the historical pursuit of machines capable of human-like tasks since the 1950s, evolving into the concept of Artificial General Intelligence (AGI). These technologies, driven by machine learning, aim to enable machines to learn, understand, and adapt similarly to humans, albeit in more specialized contexts, emphasizing the integration of human factors in complex systems design.

Matthew Canham

How can we be sure we're talking to the right person? Deepfake technology poses significant risks by enabling scammers to impersonate individuals using synthetic media, leading to increased vulnerabilities in communication and security. Effective countermeasures, such as security policies and enhanced authentication methods, are crucial to mitigate these threats in today's digital landscape.

Matthew Canham, Clay Posey, Delainey Strickland, Michael Constantino

This study focuses on how employees influence cybersecurity in organizations, highlighting their actions in response to phishing attacks. It categorizes employees into groups based on their behaviors, such as clicking on phishing links or reporting them, providing valuable insights for improving cybersecurity strategies.

Courtney Crooks, Tom McNeil, Ben Sawyer, Matthew Canham, David Muchlinski

Influence operations involving propaganda and disinformation pose a serious threat to the United States, necessitating the development of responsive countermeasures capable of anticipating adversarial tactics in real-time. A significant challenge lies in the absence of a comprehensive testing environment for evaluating detection algorithms and tools. Integrating social sciences with applied mathematics can facilitate the study of complex social phenomena and behavior, crucial for designing effective social engineering countermeasures that bolster national security.

Matthew Canham, Clay Posey, and Patricia S. Bockelman

The study highlights the overlooked role of unintentional human error in information security, despite its significant contribution to security breaches. It proposes creating a structured framework and terminology based on safety research to classify and analyze these errors across different organizational contexts, aiming to enhance security education and training programs.

Matthew Canham et al

This paper addresses the significant security risk posed by Repeat Clickers in organizations, emphasizing the need to understand the causes of this behavior, which may stem from individual traits, cultural influences, situational factors, or social engineering tactics. It argues that mitigating this risk requires a deeper understanding of these factors to enhance organizational security effectively.

Matthew Canham, Ben D Sawyer

Applied neuroscience now enables both scientific exploration of the mind's workings and intelligence gathering from individual minds through advanced neuroimaging techniques. These methods leverage electro-optical energy to extract specific information from the brain, even without cooperation. As the brain's processes become accessible for analysis and potential influence, we are entering an era where the human brain is increasingly considered a system that can be both observed and potentially manipulated for various purposes.

Matthew Canham, Stephen M Fiore, Bruce D Caulkins

Cyber-attacks pose significant risks in modern times, with some targeting Industrial Control Systems to manipulate sensor and control data, potentially causing severe damage like the infamous Stuxnet worm. Detecting such attacks remains challenging as automated systems are not yet consistently effective, necessitating ongoing human involvement in their protection. Proposed solutions include training programs aimed at enhancing defense capabilities for Industrial Control Systems.

Clay Posey, Matthew Canham

Employees often balance productivity with adherence to cybersecurity policies, which can reduce performance rates and increase stress due to conflicting responsibilities. Organizational culture plays a crucial role as employees weigh the emphasis on productivity versus cybersecurity goals when deciding whether to comply with policies, with decisions often influenced by both rational analysis and habitual behavior.

Mary Hegarty, Matt Canham, Naomi Shimozawa

This study aims to explore how individuals utilize domain-specific knowledge to interpret complex graphical displays, particularly in meteorology, where such displays are critical for understanding current weather conditions and predicting future changes based on meteorological principles.

Matthew S Canham, Jennifer Wiley, Richard E Mayer

The study investigated how students' training in procedural or conceptual binomial probability affected their performance in computer-based collaborative tasks. It found that pairs with similar training excelled at standard problems, while those with diverse training performed better on transfer tasks, highlighting the nuanced impact of training coherence on collaborative problem-solving outcomes.

bottom of page