Background
The internet has become an integral part of our daily lives. This has resulted in more and more criminals active on the internet out to harm others. The weakest link in security behaviour is indeed human behaviour. Hackers gain more and more knowledge about human behaviour (van Bavel et al., 2019). We need to socially engineer people to act better (Moustafa et al., 2021). People are part of the solution and not necessarily only the problem (Zimmermann & Renaud, 2019).
An interesting finding in cybersecurity research is that the actual behaviour of people does not correspond with their attitudes of how important they find cybersecurity (Netherlands Institue for the Study of Crime and Law Enforcement, 2017). In addition, it seems that cybersecurity measures lose their effectiveness over time (Netherlands Institue for the Study of Crime and Law Enforcement, 2017). People do not necessarily understand the relevance of the measures or why they should do it (Davinson & Sillence, 2014). It is necessary to develop cybersecurity interventions, aimed to foster cybersecurity behaviours for different target groups.
In several ways, your research can provide insights into how one or more target groups can be stimulated to act safely in multiple target behaviours. You can for example study how to stimulate students to change their passwords more often. You can use insights from criminology and psychology to test an effective intervention. You will gain a better understanding of how people view cybersecurity and how several characteristics (their knowledge, self-efficacy, risk perception) affects their behaviour. Own ideas are highly appreciated and valued!
Research questions
1. How can we set-up interventions to foster cybersecurity behaviour? What target groups and target behaviours are necessary to target first?
2. Which moderators (e.g. knowledge) impact the effectiveness of cybersecurity interventions?
3. How can we increase self-efficacy with respect to cybersecurity behaviour?
TYPE OF RESEARCH
The options are experimental and/or survey, depending on the research questions and preferences of the student.
KEYWORDS
Cybercrime, victimization, intervention design, risk perception, efficacy, security
INFORMATION
If you are interested in this topic, please contact Steven Watson via s.j.watson@utwente.nl.
LITERATURE
· Bullee, J. W., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801-830.
· Davinson, N., & Sillence, E. (2014). Using the health belief model to explore users’ perceptions of “being safe and secure” in the world of technology mediated financial transactions. International Journal of Human Computer Studies, 72(2), 154–168. https://doi.org/10.1016/j.ijhcs.2013.10.003
· Moustafa, A. A., Bello, A., & Maurushat, A. (2021). The Role of User Behaviour in Improving Cyber Security Management. Frontiers in Psychology, 12(June), 1–9. https://doi.org/10.3389/fpsyg.2021.561011
· Kankane, S., DiRusso, C., & Buckley, C. (2018, April). Can we nudge users toward better password management? an initial study. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (pp. 1-6).
· Netherlands Institue for the Study of Crime and Law Enforcement. (2017). Research Agenda the Human Factor in Cybercrime and Cybersecurity. In Eleven International Publishing.
· van Bavel, R., Rodríguez-Priego, N., Vila, J., & Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human Computer Studies, 123(September 2018), 29–39. https://doi.org/10.1016/j.ijhcs.2018.11.003
· Zimmermann, V., & Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human Computer Studies, 131(April), 169–187. https://doi.org/10.1016/j.ijhcs.2019.05.005