Poor decision-making can lead to cybersecurity breaches

February 15, 2015

Recent high-profile security breaches, such as those at Target, Anthem Inc. and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.

In a presentation at this year's meeting of the American Association for the Advancement of Science, Michigan State University's Rick Wash discussed how social interactions affect the processes behind personal cybersecurity decision-making.

"We all have small supercomputers in our pockets now," said Wash, an assistant professor of journalism and media and information. "Regular people like you and me make a lot of important security decisions on a daily basis."

He said the Sony hack is a great example of smart people making poor choices.

"A lot of people were making bad decisions, sharing passwords, etc., that led to this event," he said. "But what's the reasoning process behind these decisions?"

Wash's research shows that how people visualize and conceptualize hackers and other cyber criminals affects their cybersecurity decision-making. As people make personal assessments about the risks of their behaviors, these impressions - formed from the influence of media, interpersonal interactions and storytelling - have a great impact.

"People tend to focus on a picture they have in their head when conceptualizing hackers and virus makers," Wash said. "I have found two of these pictured individuals to be the most common and easily recognizable: The teenager on a computer in their parents' basement, or the professional criminal in a foreign country. Those who picture the teenager tend to make better decisions in cyber security."

He said people's familiarity with the concept of a teenage mischief-maker allows them to readily visualize that person as a legitimate threat, and act accordingly. Those who visualize a foreign hacker believe that they are professionals and are more likely to focus on more lucrative targets.

By identifying the social behaviors and rationales behind the decision-making process, this research can in turn help to influence effectiveness in the development of the science of cybersecurity.

Wash's presentation was part of a panel of six researchers exploring the social aspects of cybersecurity. The panel, organized by Indiana University, was titled "Holistic Computing Risk Assessment: Privacy, Security, and Trust."

"We're all looking beyond the technological issues," Wash said. "It's about people and society and how it all comes together."
-end-
AAAS is the world's largest general science society. Its annual meeting brings together thousands of scientists, engineers, policymakers, educators and journalists to present new research and developments in science and technology.For more on the AAAS conference, visit http://meetings.aaas.org/.

Michigan State University

Related Cybersecurity Articles from Brightsurf:

Computer scientists' new tool fools hackers into sharing keys for better cybersecurity
Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.

Cultural differences account for global gap in online regulation -- study
Differences in cultural values have led some countries to tackle the specter of cyber-attacks with increased internet regulation, whilst others have taken a 'hands-off' approach to online security -- a new study shows.

Study finds companies may be wise to share cybersecurity efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors.

$4.6 million award creates program to train cybersecurity professionals
A five-year, $4.63 million award from the National Science Foundation will enable a multi-disciplinary team of researchers at the University of Arkansas to create a program to recruit, educate and train the next generation of cybersecurity professionals.

First cyber agility framework to train officials developed to out-maneuver cyber attacks
To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the US Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.

Cyber of the fittest: Researchers develop first cyber agility framework to measure attacks
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks over time.

Army researchers identify new way to improve cybersecurity
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

How susceptible are hospital employees to phishing attacks?
A multicenter study finds high click rate for simulated phishing emails, potential benefit in phishing awareness training.

A Georgia State cybersecurity study of the dark web exposes vulnerability to machine identities
A thriving marketplace for SSL and TLS certificates -- small data files used to facilitate confidential communication between organizations' servers and their clients' computers -- exists on a hidden part of the Internet, according to new research by Georgia State University's Evidence-Based Cybersecurity Research Group (EBCS) and the University of Surrey.

Army scientists revolutionize cybersecurity through quantum research
Army scientists have found a novel way to safeguard quantum information during transmission.

Read More: Cybersecurity News and Cybersecurity Current Events
Brightsurf.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.