Abstract
End users’ behaviour often leads to cyber security vulnerabilities. Recent studies investigating user error as a critical vulnerability within an organisation’s security have emphasised the need for closer consideration of human factors when designing and implementing security solutions. This has led to an increasing focus on usable security design principles that seek to inform, enable and assist users to perform tasks securely and appropriately respond to potential threats. These objectives are often reinforced through provision of user security training and information awareness campaigns. However, despite these eorts, end users remain the target for increasingly sophisticated cyber attacks. In this paper, we discuss recent studies that stress the need for greater attention to human factors and motivate the potential for behavioural change interventions to support cyber security. We review behavioural insights into possible causes of user non-compliance with cyber security best practice, cognitive biases that are related to these insecure behaviours and cyber security risk communication challenges and recommendations. We discuss how persuasion incorporated within cyber security risk communications could reduce user cyber security vulnerabilities and outline a proposed methodology for designing persuasive strategies for this purpose.
| Original language | English |
|---|---|
| Pages | 35-38 |
| Number of pages | 4 |
| Publication status | Published - 2018 |
| Event | 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018 - Liverpool, United Kingdom Duration: 4 Apr 2018 → 6 Apr 2018 |
Conference
| Conference | 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018 |
|---|---|
| Country/Territory | United Kingdom |
| City | Liverpool |
| Period | 4/04/18 → 6/04/18 |
Keywords
- Behaviour change
- Cyber Security
- Human factors
- Persuasive technology