
Awayr Security: Validating the NIST Phish Scale Toward Artificial Intelligence Approaches Toward Human Cybersecurity

Award Information
Agency: Department of Commerce
Branch: National Institute of Standards and Technology
Contract: 70NANB20H121
Agency Tracking Number: 015-FY20-77
Amount: $99,999.41
Phase: Phase I
Program: SBIR
Solicitation Topic Code: 9.0
Solicitation Number: 2020-NIST-SBIR-01
Timeline
Solicitation Year: 2020
Award Year: 2020
Award Start Date (Proposal Award Date): 2020-09-01
Award End Date (Contract End Date): 2021-02-28
Small Business Information
500 Massachusetts Ave., Cambridge, MA, 02139
DUNS: 801091280
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Adam Beal
 (303) 350-9175
 beal@getawayr.com
Business Contact
 Adam Beal
Phone: (303) 350-9175
Email: beal@getawayr.com
Research Institution
N/A
Abstract
Remote operated social engineering (ROSE) attacks account for a surprising share of successful cyberattacks. For example, the Verizon Data Breach Incident Response 2019 report found that approximately 94% of all malicious code was introduced into systems via email. Threat actors illegally benefit from knowledge gained from repeated massive remote operated social engineering operations. Defensive actors can leverage simulation, but unlike the advanced state of computer penetration simulation, human behavior in the face of social engineering is presently not easy to simulate. This means that descriptive and predictive understanding of the human attack surface is vested in threat actors. Defensive forces today operate at a disadvantage, despite the efforts of a rapidly growing market: phishing alone is projected to grow to USD 1,401.6 Million by 2022. This clear and present problem is one Awayr can address through next-generation predictive models of vulnerability in cybersecurity. Specifically, this Phase I will prove out the technical and business feasibility of using NIST’s Phish Scale as the underpinning of Awayr Security. We will 1) validate the Phish Scale using a cue-coded phishing email corpus, 2) explore the feasibility of automated cue detection systems, and 3) leverage this understanding toward a 5-year plan.

* Information listed above is at the time of submission. *
