Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

To see the latest studies from pioneering academics, scroll down.

This paper builds on previous work and investigates which usability factors users prioritize and which demographic factors affect the perception of usability factors. This is done through a survey answered by 1452 respondents from Sweden, Italy and UK. The results show that users prefer security functions to minimize resource consumption in terms of cost, device performance and time. The study further demonstrates that users want security functions to require as little effort as possible and just work. Further, the study determines that nation of residence and IT competence greatly impact the perception of usability for security functions while gender and age do so to a much lesser exte

The world’s technological landscape is continuously evolving with new possibilities, yet also evolving in parallel with the emergence of new threats. Social engineering is of predominant concern for industries, governments and institutions due to the exploitation of their most valuable resource, their people. Social engineers prey on the psychological weaknesses of humans with sophisticated attacks, which pose serious cyber security threats to digital infrastructure. Social engineers use deception and manipulation by means of human-computer interaction to exploit privacy and cyber security concerns. Numero

This work aims to hypothesise a possible holistic architecture for specific human behaviour factors involved in cyber security risks. A good cyber security habit could prevent incidents and protect against attacks. Habits are mostly initiated automatically. Therefore, they can dominate personal behavioural patterns under specific circumstances. Genetic heritability of impulsiveness is considered as moderate from 33% to 50%. Genomic data study of particular individuals can help identify one’s behaviour patterns and show the risks in cyber security for that individual. An individual risk profile could be gen

The work aims to build a formal ontology-based model for cyber security risk assessment that considers digital human characteristics. A multi-layered architecture solution was built as a proof of concept to maintain a set of artificial intelligence algorithms and specially developed questionnaires for data gathering and processing. The prototype enabled us to organise a small scale experiment to validate trait analysis methods. Also, it opened further research directions.

What is becoming apparent is that we need a better understanding of the human aspects of cyber security not only in terms of its impacts on organisations, communities and individuals but also in terms of how human behaviour itself contributes to cyber security-related incidents. This is a challenge. A cohesive understanding of the human aspects of cyber security is only possible through an interdisciplinary approach that includes both behavioural and social sciences alongside information technology and computer security. Therefore, the aim of this special issue is to contribute to our understanding of the social and cultural factors of cyber security by bringing together research from unique

In this work we carry out a scoping review to investigate the take of the computer science community on the human-centric cyber security paradigm by considering the top conferences on network and computer security for the past six years. Results show that broadly two types of users are considered: expert and non-expert users. Qualitative techniques dominate the research methodology employed, however, there is a lack of focus on the theoretical aspects. Moreover, the samples have a heavy bias towards the Western community, due to which the results cannot be generalized, and the effect of culture on cybersecurity is a lesser known aspect.

Although the pandemic is certainly not the first occurrence of socially disruptive circumstances that drive cyber criminals to action, relevant academic scholarship has remained scarce. To fill this gap in literature, and propose the analytical framework of mazephishing that places particular emphasis on the importance of credible social context in the functioning of the online scam ecosystem, we carried out a content analysis of international news stories reporting on social engineering attacks. Our results indicate that criminals make heavy use of social context and impersonation to make scams seem more credible, including health information, personal protective equipment, cures, fi

The questions this project addressed include: How is social engineering used to deploy malware? What is the economic impact of successful malware/ransomware attacks? What security measures can be implemented to help mitigate these attacks? This research focuses on identifying the anatomy of ransomware attacks and the different attack vectors used to deploy them. Attempted ransomware attacks and the approach the U.S. government, along with organizations, is adopting to prevent and mitigate this risk are also examined and suggestions made for further research. The implementation of the proposed preventive measures for network administrators to make organizations and enterprises resilient, more

The need for new threat models is considered first through a study of user behavior and perceptions of norms with respect to phone sharing and access behaviors in romantic relationships. We find that most people give their partner access to their phone but often have negotiated boundaries on usage of that access, and consensus that whatever access exists ought to be mutual, and consensual, and – I argue – technologically enforced. TFCC is then considered in the context of spyware; we find that hundreds of apps exist in app stores, many designed and advertised explicitly for partner surveillance. We discuss the social harms created by doxing, and find that changes in social media platforms’ a

Malicious scammers and social engineers are causing great harm to modern society. Knowledge about social engineering (SE) is widespread and it exists in non-academic papers and communication channels. Knowledge is mostly based on expert opinion and experience reports. Such knowledge, if articulated, can provide a valid source of knowledge and information. We performed the analysis of such sources and adopted grounded theory to extract the general knowledge behind SE. The study aims to understand the rationale of social engineers, capture the knowledge of SE attacks and extract important information from the sources, propose an activity for counteracting SE attacks, and how it can be used in

Social engineering is influencing someone to gain something for yourself, but it can also be used for malicious and criminal purposes. The task was to investigate what different methods are used and how social engineering is used as a tool in cyber attacks. The statistics were analysed to see which attacks were used the most and how many attacks had been carried out compared to other years. Analysing the attacks should give more knowledge of what should be done differently and how to avoid these situations in the future. Some guidelines were added at the end of the study on how one can protect oneself against social engineering attacks.

In today’s digital world, everyone interacts with technology in one way or another, which leaves all technology users vulnerable to psyber security attacks. Because of the recent emergence of the subject of psyber security, and the infantile stage of research pertaining to it, the scope of future work in this area is quite plentiful. There are different directions of possible work in this topic, and one of the most relevant is the healthcare field. The importance of psyber security is indeed synonymous with the need to validate information to earn credibility, therefore reducing anxiety, stress, and other psychological disorders. In this context, consider the case for authentication-based inform

To understand employee negative perceptions of SETA programs, researchers conducted in-depth interviews with 20 Australian employees regarding their experiences with both SETA programs and non-cybersecurity related workplace training. As expected, employees had a generally poor view of SETA programs. They reported that the same factors that are important for effective non-cybersecurity training are also important for SETA programs, such as management role modelling and well-designed workplace systems. From an applied perspective, these findings can explain why employees often do not engage with cybersecurity training material, and how their current beliefs can influ

Saudi Arabia has seen an enormous growth in Internet usage over the past few years. With increasing adoption of this technology has come a rise in cyber crime, often enabled through use of social engineering. Phishing is a prime example, aiming to deceive users into revealing personal data. The paper describes efforts to understand individuals’ responses to phishing attacks through application of the Theory of Planned Behaviour (TPB). It reports a survey that considers three common social engineering persuading strategies, Authority, Social Proof and Scarcity. Results show correlations between these strategies and TPB. In particular, between attitude and intention to respond under the Author

The purpose of this Causal-Comparative quantitative study was to develop an increased understanding of the different generations and how they perceive risk and to what extent they are comfortable using Fitbit devices in an everyday setting. This study was conducted via the Internet and SurveyMonkey Audience to provide a sample of 528 participants representing the continental United States. In each of the research questions, the researcher found evidence to support the alternate hypothesis that generational influences indeed exist in the knowledge, perception of risk, security, and usability of Fitbit devices. Opportunities exist for extending this research, both in the current Fitbit devices

With the rise of technology in every facet of daily life, the increased conveniences come with multiple security risks. When imagining cyber security, the focus is generally on the protection of personal information, and the technology that stores this information. However, cyber-attacks can come in multiple forms. The term psyber security refers to the subject of securing the mental health, including protection of the human psychological wellbeing from the psychiatric consequences of technology usage. With 1,473 reported cybersecurity breaches, the aftermath of these attacks extends beyond the technical repercussions. Pertaining to the human wellbeing aspect, these incidents also translate

In this paper, we discuss phishing as one of the attack types used in social engineering. Phishing attacks will be discussed by simulating a process between two different devices in two different networks. An experimental penetration test was performed on one of the local network devices to obtain data and information of the victim. The experiment involves sending a fake email containing a link to a fake website in order to persuade the victim to enter personal data logs into the fake website. The experiment illustrates the ways in which an attacker may defraud the victim. In addition, the experiment contributes to protection from, and avoidance of exposure to, this type of attack.

This study is exploratory and descriptive research that aims to establish the human factors that make the standard user susceptible to cyber-attacks in times of pandemic. A literature review of cybersecurity attacks and conflict scenarios registered during the COVID-19 pandemic was first applied during the investigation. Several innovative strategies are proposed to minimize attacks by advanced threat actors and their impact on users. These strategies are useful for governments to improve communication with citizens and develop critical thinking in citizens to face fake news.

The COVID-19 pandemic has changed all aspects of life, resulting in full dependence on the unsafe Internet network in running all aspects of life. These conditions have created a fertile environment for cyber criminals to grow their activity and exploit the pressures that affected human psychology to increase their attack success. The purpose of this paper is to analyse the data collected from global online fraud and cyber security service companies to demonstrate how criminals exploit crises, and the need to develop strategies and to enhance user awareness for better detection and prevention of future cyber crimes.

Due to the Covid-19 pandemic, all citizens are required to stay at home and most of their time has been spent on the internet, leading to cyber crime, especially against older adults. Using the Information Security Awareness Model (ISACM) and the Situation Awareness Cybersecurity Education Model (SAOCE), this study aims to develop a cyber security awareness model that can assist the elderly against attacks in cyber space. The result revealed that organisation factors are significantly related to cybersecurity awareness, while social and individual factors are found to be less significant to cybersecurity awareness. With the development of cybersecurity awareness model, we are confident that our mod