Human-centric cyber security : human psychological traits in cyber security behavioural intent
Date of Issue: 2017-01-12
Wee Kim Wee School of Communication and Information
In this digital age, information is transferred with such ease and speed that security is rarely taken into consideration. Hacking is thought of as the activity portrayed in movies à la Mission Impossible, or is simply taken for granted and assumed to be “someone else’s problem”. Security in the domain of Information Technology, or the digital space, has been through a plethora of changes: attacks from viruses in the past were merely acts of mischief, devoid of serious criminal intent. Today, attacks are more serious. Attackers might range from activists to organized crime groups. Viruses have evolved into advanced malware capable of encrypting a user’s computer system, ergo paralysing the user, or of exfiltrating commercial information or even leaking state secrets. Defenses have also evolved alongside this malware, from simple signature-based detection to advanced sandboxing technology. However, the defenses are only as strong as the weakest link, the human. One of the most prevalent methods employed in recent years is phishing, where attackers use social engineering to understand victims and then launch an attack by spoofing, passing themselves off as a legitimate, trusted source. This research aims to understand the relationship between human psychological traits (Self-efficacy in Information Security, Internet Self-efficacy, Risk Propensity and Trust Propensity) and their effects on users’ Cyber Security Behavioural Intent in cyberspace. Users were surveyed with questionnaires about their environment, digital competency, the devices they interact with at work and at home, and their attitude towards risk, trust and cyber security. Relations are drawn to help in understanding whether certain psychological traits increase the tendency of a targeted cyber-attack. The findings of these relations would be especially useful since, in the connected world, when one of the devices gets compromised, the rest within the same network will be as well.
If potential attack points can be pre-empted and proactive measures can be taken to prevent them, this will supplement the reactive approach that most organisations adopt today, mitigating or even preventing cyber security breaches. Future work could include these findings as part of a strategy for implementing policies in organisations. User Behaviour Analytics (UBA) software can also take into consideration the inherent characteristics of humans to build a better baseline, so as to predict more accurately whether or not people’s behaviours pose threats.
Nanyang Technological University