Revolutionizing Social Engineering Awareness Raising, Education and Training: Generative AI-powered Investigations in the Maritime Domain

Innovation in generative Artificial Intelligence (AI) has already been leveraged by cybercriminals to deliver AI-powered social engineering attacks, specifically phishing. This advancement adds to the challenges the cybersecurity community is facing, such as lack of motivation to change unsafe behaviors and low engagement with awareness raising, education and training activities. Often, the problem is attributed to the fact that activities communicate the same message across different audiences. This approach is not helpful to assist people relating to the problem, realizing the threat and how it can be transformed. To build cyber resilience against phishing, the workforce needs to realize how phishing can be delivered in the context of their working environment and what aspects a cybercriminal can leverage to make the attack more realistic and plausible. This requires the design of awareness raising, education and training activities that can deliver highly tailored and context-aware messages to different audiences, considering their job role and responsibilities. Generative AI has already demonstrated an ability of high degree of creativity which is imperative for creating tailored and effective awareness raising and training content. This study investigates how generative AI can be leveraged by stakeholders, such as educators and trainers, to develop phishing-tailored attack scenarios. The scenarios can be embedded in awareness raising and training activities that can be delivered e.g. over cyber ranges, aiming to enhance the workforce’s cyber resilience against phishing attacks. Investigations are performed in the context of the maritime domain.