Human-centric cyber security research: From trapping the bad guys to helping the good ones

The issue of cybersecurity has become much more prevalent over the last few years, with a number of widely publicised incidents, hacking attempts and data breaches reaching the news. There is no sign of an abatement in the number of cyber incidents, and it would be wise to reconsider the way cybersecurity is viewed and whether a mindset shift is necessary. Cybersecurity, in general, can be seen as primarily a human problem, and it is for this reason that it requires human solutions and tradeoffs. In order to study this problem, using two perspectives; that of the adversaries and that of the defenders, I investigated human activities in cybersecurity. The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. When a honeypot is built in such a way that an attacker is given the impression it represents a real system used by humans and organizations, it will yield useful insights. Identifying these threats requires an understanding of what attackers are looking for, and how they penetrate our network. It will therefore be possible to have a more secure and safe environment.