Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

A new hope: human-centric cybersecurity research embedded within organizations

Morgan, Phillip L., Asquith, Phoebe M., Bishop, Laura, Raywood-Burke, George, Wedgbury, Adam and Jones, Kevin 2020. A new hope: human-centric cybersecurity research embedded within organizations. Presented at: 22nd International Conference on Human-Computer Interaction (HCII 2020), Virtual, 19-24 July 2020. HCI for Cybersecurity, Privacy and Trust: Second International Conference, HCI-CPT 2020, Held as Part of the 22nd HCI International Conference, HCII 2020, Copenhagen, Denmark, July 19–24, 2020, Proceedings. Lecture Notes in Computer Science/Information Systems and Applications, incl. Internet/Web, and HCI Springer, Cham, pp. 206-216. 10.1007/978-3-030-50309-3_14

Full text not available from this repository.

Abstract

Humans are and have been the weakest link in the cybersecurity chain (e.g., [1, 2, 3]). Not all systems are adequately protected and even for those that are, individuals can still fall prey to cyber-attack attempts (e.g., phishing, malware, ransomware) that occasionally break through, and/or engage in other cyber risky behaviors (e.g., not adequately securing devices) that put even the most secure systems at risk. Such susceptibility can be due to one or a number of factors, including individual differences, environmental factors, maladaptive behaviors, and influence techniques. This is particularly concerning at an organizational level where the costs of a successful cyber-attack can be colossal (e.g., financial, safety, reputational). Cyber criminals’ intent on infiltrating organization accounts/networks to inflict damage, steal data, and/or make financial gains will continue to try and exploit these human vulnerabilities unless we are able to act fast and do something about them. Is there any hope for human resistance? We argue that technological solutions alone rooted in software and hardware will not win this battle. The ‘human’ element of any digital system is as important to its enduring security posture. More research is needed to better understand human cybersecurity vulnerabilities within organizations. This will inform the development of methods (including those rooted in HCI) to decrease cyber risky and enhance cyber safe decisions and behaviors: to fight back, showing how humans, with the right support, can be the best line of cybersecurity defense.In this paper, we assert that in order to achieve the highest positive impactful benefits from such research efforts, more human-centric cybersecurity research needs to be conducted with expert teams embedded within industrial organizations driving forward the research. This cannot be an issue addressed through laboratory-based research alone. Industrial organizations need to move towards more holistic – human- and systems- centric – cybersecurity research and solutions that will create safer and more secure employees and organizations; working in harmony to better defend against cyber-attack attempts. One such example is the Airbus Accelerator in Human-Centric Cyber Security (H2CS), which is discussed as a case study example within the current paper.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Psychology
Publisher: Springer, Cham
ISBN: 9783030503086
ISSN: 0302-9743
Date of First Compliant Deposit: 19 October 2020
Date of Acceptance: 25 November 2019
Last Modified: 19 Oct 2020 13:15
URI: http://orca.cardiff.ac.uk/id/eprint/135726

Actions (repository staff only)

Edit Item Edit Item