|
The Psychology of Cybersecurity: Understanding Human Behaviour in Risk Management
Information security is a domain of study in computer science and engineering, software engineering and information Technology. Now a day information security is replaced with the general term cyber security. Cyber security is the ability to protect computer systems, servers, mobile devices , networks and communication channels from the unauthorized access or modification or exploitation. In current scenario, user behaviour plays very important in digitally connected world. An user behaviour is the key technique to increase the cyber security as well as mitigating the effect of social engineering attacks and cognitive method attack i.e. spreading of false information.
Most of the cyber security errors are occurred due to the computer system users or security analyst. The common errors include sharing of passwords, opening an attachment from untrusted users, oversharing of information on social media, accessing malicious websites, not updated patched on regular basis, use of unauthorized external devices, use of same password on multiple websites, indiscriminate clicking on links, sharing of sensitive information through insecure networks etc. There is always trade off between increasing availability and ease to access computer resources such as network or data along with maintaining security.
As per the existing research, there are several Psychological methods that helps the computer system users to comply with the security policies as well as carefully reading the security warnings and therefore increases network and information security.
Some of the user psychological Traits are impulsivity, risk taking as well as thinking about future consequences of actions. Impulsivity means complying with the security policy is related to individual differences in impulsive behaviour. Second psychological traits is risk taking. The computer users, who are high in risk taking (ignoring security policies and security warnings ) are likely to be the victim of cyber attackers. Future thinking is the third psychological traits. Computer users, who think more about the future, they always follow the security rules and make sure that their computer systems should always be safe in future. To improve security behaviour in the user some of the psychological methods are innovative polymorphic security warnings methods as well as rewarding and penalizing security-related user behaviours. Use of different polymorphic security warning message will help the computer users to pay attention and respond to these warning messages over period of time. It is always suggested to the software engineers to develop attention capturing security messages instead of normal or standard message dialogs and it should be changed regularly over period of time. Many multinational companies uses reward and penalty mechanism for complying with security policies.
To address above mentioned psychological methods, organization can implement training and awareness programme to educate the employees against cyber threat and counter measures of these cyber threats, not only this, they trained the employees to recognize the red flag indicatives for the malicious activities.
The NorthCap University, Gurugram emphasises the importance of including psychological knowledge into the cyber security practices. As one of the leading educational institutions of India, the university implemented the cyber security in safeguarding the sensitive information related to academics and administration. By understanding the various psychological drivers, university has implemented the cyber security framework to protect various assets from future cyber-attacks.
At the NorthCap University, psychological drivers are integrated into cyber security awareness programme, which is the part of curriculum that enhances the skill of the faculty as well as students. The cyber security awareness programme is conducted in various mode such as seminar, workshops, guest lectures etc. The university also invested huge fund to develop cyber security infrastructure to deal with the evolving threats such as robust firewalls, encryption protocols, access control methods, intrusion detection systems, advance tools to protect the critical assets. The university always encourages the faculty, staff and students to report suspicious activity and implement as well as follow the best practices to reduce the potential risks.
Authored By
Dr. Yogita Gigras
Associate Professor
Department of Computer Science and Engineering