In April 2016 the DART research group held its 2nd Pracademics BarCamp for Digital Decisions. The day saw industry and academia coming together to gain insight into behaviours that can foster a safer cyber environment for all. Attendees enjoyed presentations from behavioural scientists with expertise in decision-making research and a participatory panel discussion with practitioners and stakeholders.
The workshop sought to address issues arising in relation to the human dimension of cyber security with a particular focus on risks and safety in web-connected organisations. Read on for presentations, podcasts and more.
The morning sessions saw three presentations from behavioural scientists explaining how their latest work is being applied to cyber security and cyber safety.
Cybercrime victimization and the human factor
Prof Wouter Stol – Cyber Safety Research Group, Dutch NHL University of Applied Sciences
The human factor is the weakest link in cyber security. Consequently, cyber security demands that we immerse ourselves in human behaviour and human decision making. Wouter Stol, professor in Cybersafety at the Open University in the Netherlands, the Dutch Police Academy and the Dutch NHL University of Applied Sciences, will present some research findings with respect to cybercrime (‘the new high volume crime in our society’), cybercrime victimization among citizens and SMEs, cybercrime crime scripts, and the gap between technological solutions and the human factor. The findings lead to the conclusion that we need to know more about human decision making in the context of cybercrime (e.g. why do people take security measures? why do they fall victim to cybercrime in spite of the measures taken? why do they fall for a phishing attack in spite of all the warnings?).
Risks and rewards of unlawful file sharing
Dr Piers Fleming – School of Psychology, University of East Anglia
Unlawful file sharing (‘piracy’) remains a significant global issue with potentially severe punishments. However, increasing the perception of legal risk has had limited success in reducing unlawful content sharing by the public. This research examines to what extent file sharing is motivated by perceived benefits rather than perceived legal risks. It also examines the relationship between perceived risk and benefits as well as potential moderators including: trust in industry and legal regulators, and perceived online anonymity. A large two-part survey of consumers of music (n = 658) and eBooks (n = 737) was carried out online. Perceptions of benefit, but not legal risk, predict stated file sharing behaviour. As perceived benefit increases, perceived risk falls – indicative of an affect heuristic. This relationship increased under high regulator and industry trust (which actually increases perceived risk in this study) and low anonymity (which also increases perceived risk). Given the limited impact of perceived risk for this online behaviour, more attention should be paid to perceived benefit of risky and safer alternatives.
This paper has recently been published: Watson, S. J., Zizzo, D. J. and Fleming, P. (2016), Risk, Benefit, and Moderators of the Affect Heuristic in a Widespread Unlawful Activity: Evidence from a Survey of Unlawful File-Sharing Behavior. Risk Analysis. doi:10.1111/risa.12689
Privacy, human decision processes, and cognitive interactivity
Prof Gaëlle Vallée-Tourangeau – DART Research, Kingston Business School
By 2015, roughly half the world population had access to the internet. The exponential expansion of cyberspace and the internet of things comes with unprecedented levels of globalisation, interactions, and “big” databases. Humans are more and more embedded in a meshwork of data and computers. It also raises uncharted security challenges. This talk will focus on cyber security risks towards information including threats to the confidentiality, availability, or integrity of information. While such threats may arise from technology failures or natural disasters, more often than not, they originate in human behaviour. People’s actions (or inactions) may be intentional or accidental, planned or automatic, malevolent or pragmatic. To gain insight in those behaviours, we need to better understand how people think and make decisions in cyber environments. To this aim, I will argue that we need to go beyond the classical information-processing view of the human mind as a computer. I will introduce the systemic thinking model (SysTM), which conceives human thoughts and decisions as emerging from people’s interactions with their immediate environment in a system characterised by environmental affordances (i.e., action possibilities) and human motives and capabilities. I will conclude by providing examples of how SysTM could be leveraged to better understand the human element in cyber systems and mitigate against cyber security risks caused by human behaviour.
During the afternoon session participants had a chance to share experiences and knowledge about the main security challenges raised by human behaviour.
What behaviour changes should we seek to implement to improve cyber safety in organisations?
Mr Patrick Nuttall – Head of LDSC
Mr Leron Zinatullin – Information Security Specialist, KPMG
Mr David Ferbrache OBE – Technical Director for cybersecurity, KPMG
Mr Carl Hunt – Senior Manager, KPMG
Moderator: Prof Umut Turksen – Kingston Law School
If you would like any further information regarding the day’s events, please don’t hesitate to contact us. We’d like to thank those who attended and participated in the workshop.