How can persuasion reduce user cyber security vulnerabilities?

John Paul Vargheese, Matthew Collinson, Judith Mastho

Research output: Contribution to conferencePaper

Abstract

End users’ behaviour often leads to cyber security vulnerabilities. Recent studies investigating user error as a critical vulnerability within an organisation’s security have emphasised the need for closer consideration of human factors when designing and implementing security solutions. This has led to an increasing focus on usable security design principles that seek to inform, enable and assist users to perform tasks securely and appropriately respond to potential threats. These objectives are often reinforced through provision of user security training and information awareness campaigns. However, despite these eorts, end users remain the target for increasingly sophisticated cyber attacks. In this paper, we discuss recent studies that stress the need for greater attention to human factors and motivate the potential for behavioural change interventions to support cyber security. We review behavioural insights into possible causes of user non-compliance with cyber security best practice, cognitive biases that are related to these insecure behaviours and cyber security risk communication challenges and recommendations. We discuss how persuasion incorporated within cyber security risk communications could reduce user cyber security vulnerabilities and outline a proposed methodology for designing persuasive strategies for this purpose.

Original languageEnglish
Pages35-38
Number of pages4
Publication statusPublished - 2018
Event2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018 - Liverpool, United Kingdom
Duration: 4 Apr 20186 Apr 2018

Conference

Conference2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018
CountryUnited Kingdom
CityLiverpool
Period4/04/186/04/18

Fingerprint

Persuasion
Human engineering
Vulnerability
Communication
Human Factors
Noncompliance
User Studies
Best Practice
User Behavior
Recommendations
Attack

Keywords

  • Behaviour change
  • Cyber Security
  • Human factors
  • Persuasive technology

ASJC Scopus subject areas

  • Artificial Intelligence
  • Modelling and Simulation

Cite this

Vargheese, J. P., Collinson, M., & Mastho, J. (2018). How can persuasion reduce user cyber security vulnerabilities?. 35-38. Paper presented at 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018, Liverpool, United Kingdom.

How can persuasion reduce user cyber security vulnerabilities? / Vargheese, John Paul; Collinson, Matthew; Mastho, Judith.

2018. 35-38 Paper presented at 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018, Liverpool, United Kingdom.

Research output: Contribution to conferencePaper

Vargheese, JP, Collinson, M & Mastho, J 2018, 'How can persuasion reduce user cyber security vulnerabilities?', Paper presented at 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018, Liverpool, United Kingdom, 4/04/18 - 6/04/18 pp. 35-38.
Vargheese JP, Collinson M, Mastho J. How can persuasion reduce user cyber security vulnerabilities?. 2018. Paper presented at 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018, Liverpool, United Kingdom.
Vargheese, John Paul ; Collinson, Matthew ; Mastho, Judith. / How can persuasion reduce user cyber security vulnerabilities?. Paper presented at 2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018, Liverpool, United Kingdom.4 p.
@conference{138ef43cf8b1496fb2da47d7c9da281b,
title = "How can persuasion reduce user cyber security vulnerabilities?",
abstract = "End users’ behaviour often leads to cyber security vulnerabilities. Recent studies investigating user error as a critical vulnerability within an organisation’s security have emphasised the need for closer consideration of human factors when designing and implementing security solutions. This has led to an increasing focus on usable security design principles that seek to inform, enable and assist users to perform tasks securely and appropriately respond to potential threats. These objectives are often reinforced through provision of user security training and information awareness campaigns. However, despite these eorts, end users remain the target for increasingly sophisticated cyber attacks. In this paper, we discuss recent studies that stress the need for greater attention to human factors and motivate the potential for behavioural change interventions to support cyber security. We review behavioural insights into possible causes of user non-compliance with cyber security best practice, cognitive biases that are related to these insecure behaviours and cyber security risk communication challenges and recommendations. We discuss how persuasion incorporated within cyber security risk communications could reduce user cyber security vulnerabilities and outline a proposed methodology for designing persuasive strategies for this purpose.",
keywords = "Behaviour change, Cyber Security, Human factors, Persuasive technology",
author = "Vargheese, {John Paul} and Matthew Collinson and Judith Mastho",
year = "2018",
language = "English",
pages = "35--38",
note = "2018 Convention of the Society for the Study of Artificial Intelligence and the Simulation of Behaviour, AISB 2018 ; Conference date: 04-04-2018 Through 06-04-2018",

}

TY - CONF

T1 - How can persuasion reduce user cyber security vulnerabilities?

AU - Vargheese, John Paul

AU - Collinson, Matthew

AU - Mastho, Judith

PY - 2018

Y1 - 2018

N2 - End users’ behaviour often leads to cyber security vulnerabilities. Recent studies investigating user error as a critical vulnerability within an organisation’s security have emphasised the need for closer consideration of human factors when designing and implementing security solutions. This has led to an increasing focus on usable security design principles that seek to inform, enable and assist users to perform tasks securely and appropriately respond to potential threats. These objectives are often reinforced through provision of user security training and information awareness campaigns. However, despite these eorts, end users remain the target for increasingly sophisticated cyber attacks. In this paper, we discuss recent studies that stress the need for greater attention to human factors and motivate the potential for behavioural change interventions to support cyber security. We review behavioural insights into possible causes of user non-compliance with cyber security best practice, cognitive biases that are related to these insecure behaviours and cyber security risk communication challenges and recommendations. We discuss how persuasion incorporated within cyber security risk communications could reduce user cyber security vulnerabilities and outline a proposed methodology for designing persuasive strategies for this purpose.

AB - End users’ behaviour often leads to cyber security vulnerabilities. Recent studies investigating user error as a critical vulnerability within an organisation’s security have emphasised the need for closer consideration of human factors when designing and implementing security solutions. This has led to an increasing focus on usable security design principles that seek to inform, enable and assist users to perform tasks securely and appropriately respond to potential threats. These objectives are often reinforced through provision of user security training and information awareness campaigns. However, despite these eorts, end users remain the target for increasingly sophisticated cyber attacks. In this paper, we discuss recent studies that stress the need for greater attention to human factors and motivate the potential for behavioural change interventions to support cyber security. We review behavioural insights into possible causes of user non-compliance with cyber security best practice, cognitive biases that are related to these insecure behaviours and cyber security risk communication challenges and recommendations. We discuss how persuasion incorporated within cyber security risk communications could reduce user cyber security vulnerabilities and outline a proposed methodology for designing persuasive strategies for this purpose.

KW - Behaviour change

KW - Cyber Security

KW - Human factors

KW - Persuasive technology

UR - http://www.scopus.com/inward/record.url?scp=85056904067&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:85056904067

SP - 35

EP - 38

ER -