Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

The objective of this work is to propose a new perspective in understanding the phenomenon of online behaviors, termed the privacy paradox, i.e., worry on preserving personal data and contents, but a little attention to disclose them, and thus introducing the new definition of e-people. The provocative hypothesis of this study regards the internet users who, in the Big Data era, are affected by a common covariation of being e-popular/e-visible, e-narcissist, e-(socially)-accepted, e-remembered. These e-behaviors will be conceptually gathered under the term of Achilles’ paradigm. A structured web-questionnaire was submitted to a convenience sample of 198 internet users. First and second-order confirmatory factor analyses together with latent means models concretely supported the existence of the Achilles’ paradigm and its impact
 
Scholars and commentators often argue that individuals do not care about their privacy, and that users routinely trade privacy for convenience. This ignores the cognitive biases and design tactics platforms use to manipulate users into disclosing information. This essay highlights some of those cognitive biases – from hyperbolic discounting to the problem of overchoice – and discusses the ways in which platform design can manipulate disclosure. It then explains how current law allows this manipulative and anti-consumer behavior to continue and proposes a new approach to rein in the phenomenon.
 
This study applies social contract theory to examine whether perceptions of a social contract explain adaptive behavior to safeguard online privacy. We (1) identify and (2) estimate the prevalence of subgroups that differ in their perceived “social contract” (based on privacy concerns, trust, and risk), and (3) measure how this perceived social contract affects adaptive online behavior. Using a representative two-wave panel survey (N = 1,222), we distinguished five subgroups of internet users; the highly-concerned, wary, ambivalent, neutral (the largest group), and carefree users. The former three were more likely to adapt their behavior than the latter two subgroups. We argue that the implied social contract represents an important construct that helps to identify whether individuals engage in privacy protection behavior.
 
Most often, security breaches are related to internal employees due to their indirect or direct actions leading to information security policy (ISP) violations. Therefore, understanding employees’ intrinsic motivation and security behaviour towards ISP compliance is critical. Previous studies have identified different types of extrinsic motivation, such as complying with an ISP to avoid sanctions. This research adds an important contribution: intrinsic motivation is a more effective motivator because deterrence does not have a significant effect on employee behaviour. This thesis proposes a model which predicts that intrinsic motivation influences intentions towards ISP compliance. A combination of qualitative and quantitative approaches was used to evaluate the model via five stages.
 
The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change. Benefiting from research in other fields, we propose a new mindset i.e. “Cybersecurity, Differently”. This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The “differently” mindset acknowledges the well-intentioned human’s ability to be an important contributor to organisational cybersecurity, as well as their potential to be “part of the solution” rather than “the problem”. In essence, this new approach initially treats all humans in the system as if
This paper explained the role of AI in cyber security and proposes recommendation how organizations are benefitting from AI in cybersecurity. Machine learning, a component of AI, applies existing data to constantly improve its functions and strategies over time. It learns and understands normal user behaviour and can identify even the slightest variation from that pattern. But besides gathering information to detect and identify threats, AI can use this data to improve its own functions and strategies as well. In this paper, we research existing obfuscation and de-obfuscation techniques which currently are applied to the android applications, then suggest the de-obfuscation platform based on LLVM (Low-Level Virtual Machine) to perform de-obfuscation process more efficiently. Also, AndrODet solution, an online learning
 
The nature of crime is changing — estimates suggest that at least half of all crime is now committed online. Once everyday objects (e.g. televisions, baby monitors, door locks) that are now internet connected, collectively referred to as the Internet of Things (IoT), have the potential to transform society, but this increase in connectivity may generate new crime opportunities. Here, we conducted a systematic review to inform understanding of these risks. We identify a number of high-level mechanisms through which offenders may exploit the consumer IoT including profiling, physical access control and the control of device audio/visual outputs. The types of crimes identified that could be facilitated by the IoT were wide ranging and included burglary, stalking, and sex crimes
Smartphones contain a significant amount of personal data. Additionally, they are always in the user’s possession, which allows them to be abused for tracking (e.g., GPS, Bluetooth or WiFi tracking). In order to not reveal private information, smartphone users should secure their devices by setting lock screen protection, using third party security applications, and choosing appropriate security settings (often, default settings are inadequate). In this paper, we mount a survey to explore user choices, awareness and education with respect to cybersecurity. In comparison with prior work, we take the user’s cybersecurity familiarity into consideration in the analysis of user practices as well as have a strong focus on the younger generations, Y and Z. Our survey findings suggest that most
In a world where artificial intelligence is one of the greatest assets, unmanned operations seem to be the future. The world of cybersecurity is witness to numerous system break-ins for the purpose of gaining access. One of the ways to gain access to systems is fulfilled by authentication, the process where an entity verifies who he or she claims to be to access a system. With network traffic increasing day by day, the bots form a huge chunk of the network traffic. Over the last few years, bots have been trained to imitate human beings to gain access to computer based systems. Traditional authentication methods are based on what we know, who we are and what we have, and can
The privacy paradox states that people’s concerns about online privacy are unrelated to their online sharing of personal information. Using a representative sample of the German population, which includes 1403 respondents who were interviewed at three waves separated by 6 months, we investigate the privacy paradox from a longitudinal perspective, differentiating between-person relations from within-person effects. Results of a cross-lagged panel model with random intercepts revealed that people who were more concerned about their online privacy than others also shared slightly less personal information online and had substantially more negative attitudes toward information sharing (between-person level). Next, people who were more concerned than usual also shared slightly less information than usual (within-person level). At the same time, we found no
Of the many challenges that continue to make cyber-attack detection elusive, lack of training data remains the biggest one. Even though organizations and business turn to known network monitoring tools such as Wireshark, millions of people are still vulnerable because of lack of information pertaining to website behaviors and features that can amount to an attack. In fact, most of the attacks do not occur because of threat actors’ resort to complex coding and evasion techniques but because victims lack the basic tools to detect and avoid the attacks. Despite these challenges, machine learning is proving to revolutionize the understanding of the nature of cyber-attacks, and this study implemented machine learning techniques to Phishing Website data with the
This review examines the current trends in understanding the impact of individuals’ decisions to either disclose information or continue to conceal it. As a whole, the evidence points to a relative benefit of disclosure over secret-keeping, but with clear cases, in which disclosure may be harmful. Advances in knowledge about factors that shape that impact, new research on the role verbal rumination with a partner following disclosure, and attention to the role of communal coping as an outcome of traumatic disclosures are addressed. In addition, recent re-conceptualization of secret-keeping, and investigations into the burden experienced by confidants are reviewed. Finally, a call for greater attention to the culture-specific impacts of disclosure decisions is made.
The evolution of technology over the years has allowed people to more easily store, access, and share information on the Internet. People can bank online, shop, and post their latest life news. Unfortunately, all this available information has attracted the attention of cybercriminals who want to use this personal information for fraudulent purposes. A common technique used by cybercriminals to obtain sensitive information is a scam called phishing. Criminals pose as a trusted entity in order to trick victims into revealing sensitive information that they will later use to commit illegal money transfers, identity theft, or other fraud. The consequences of phishing scams may lead to the loss of data, money, identity, reputation, and trust. As a result, organizations and
 
Cybersecurity professionals in the federal government work on complex problems in organizations where they have multiple competing roles. In addition, the gap between workers with cyber skills and job openings means that current cybersecurity professionals must carry a heavy load. Combined, this can lead to stress that has negative consequences for their well-being. Positive psychology can help address this, particularly through enhancing positive experiences, leveraging character strengths, developing resilience skills, and building psychological safety. Resilience skills help cybersecurity professionals increase their capacity to deal with uncertainty and build strong teams. Psychological safety supports an environment of innovation and professional development. These strategies are accessible ways for cybersecurity professionals to thrive in their work, improving their well-being as well as
 
The paper with the help of reinforcement learning techniques and its method helps to find the best techniques that can be used in cyber security to help defender protect the data against the attackers. The techniques have been used in a cyber security game and resulted in a game of an unfriendly consecutive decision making problem played between agents i.e. an attacker and a defender.
Few studies have examined the relationship between personality traits and social networking sites (SNSs) with a dominant concentration on the personality alterations under SNSs influence. The relationship between personality and privacy control was less focused and discussed. In order to figure out the internal mechanism of such link among youth SNSs users, the Theory of Planned Behavior (TPB) was extended by including Five-Factor Model of Personality to explore how personality traits interact with privacy control behavior on SNSs. The investigation using the theoretical method mentioned led to several hypotheses which were later assessed by an online study conducted within randomly chosen college students (N = 201) from two randomly chosen universities in China. This sampling strategy was designed to mimic the
Even with clear and often strict policies in place, with clear sanctions, employees still are considered to be the weakest link in the field of information security (IS). This paper seeks to find one explanation to this phenomenon in military context by exploring military cadets’ attitudes towards IS, as well as their reasons and justifications for using neutralisation techniques in order to transgress from organisational IS regulations. These techniques are as follows: Condemnation of the condemners, The Metaphor of the ledger, Denial of injury, Denial of responsibility, Appeal to higher loyalties and Defence of necessity. 144 military cadets completed a survey assessing their use of neutralisation techniques (Siponen & Vance 2010) in addition to assessing their personality by the Five
Cyberattacks have a growing effect on business management. Organisations are increasingly focusing on human factors – how to train and evaluate people to minimise potential losses. One of the most scalable and practical ways to measure the human factor is to conduct a phishing experiment. Phishing is a type of cyber-attack that uses socially engineered messages to persuade humans to perform certain actions for the attacker’s benefit. There is considerable amount of literature on the topic of phishing – e.g. how it works and how to fight against it. However, there is not much discussion on the particular methods nor the specific process of conducting simulated phishing experiments. This paper suggests a mixed methods approach for conducting phishing experiments and
The paper specifically discusses selected publications that relate artificial intelligence (AI) in general, or machine learning (ML) in particular, to cybersecurity and specifically to the cybersecurity of system development and life cycle environments (SDLE) and their products.
Phishing has been a major problem for information systems managers and users for several years now. In 2008, it was estimated that phishing resulted in close to $50 billion in damages to U.S. consumers and businesses. Even so, research has yet to explore many of the reasons why Internet users continue to be exploited. The goal of this paper is to better understand the behavioral factors that may increase one’s susceptibility for complying with a phisher’s request for personal information. Using past research on deception detection, a research model was developed to help explain compliant phishing responses. The model was tested using a field study in which each participant received a phishing e-mail asking for sensitive information. It was found