background
Cybercrime is inescapable it seems. Nowadays the questions is not if we will become a victim of cybercrime, but when. Still, we should always do our best to keep ourselves as safe as we can. Unfortunately, us people are not the best to adhere to cybersecurity rules (when was the last time you changed your vital passwords?). Hackers gain more and more knowledge about human behaviour (van Bavel et al., 2019). We need to socially engineer people to act better (Moustafa et al., 2021). People are part of the solution and not necessarily only the problem (Zimmermann & Renaud, 2019).
An interesting finding in cybersecurity research is that the actual behaviour of people does not correspond with their attitudes of how important they find cybersecurity (Netherlands Institue for the Study of Crime and Law Enforcement, 2017). In addition, it seems that cybersecurity measures lose their effectiveness over time (Netherlands Institue for the Study of Crime and Law Enforcement, 2017). People do not necessarily understand the relevance of the measures or why they should do it (Davinson & Sillence, 2014). It is necessary to develop cybersecurity interventions, aimed to foster cybersecurity behaviours for different target groups.
In several ways, your research can provide insights into how one or more target groups can be stimulated to act safely in multiple target behaviours. One topic within this thesis could be how to stimulate people to use passwords managers, employing a longitudinal study. We can specifically look if showing people personalized prompts will make people more likely to start using a password manager. Your own input however into the topic of the thesis is valued and highly appreciated, and thus there are more potential topics within cybercrime you can pursuit.
Research questions
Example research questions:
1. How can we set-up interventions to foster cybersecurity behaviour? What target groups and target behaviours are necessary to target first?
2. How can we use personalized prompt to foster people to install password managers?
3. Can we use VR to study cybersecurity behaviour?
4. How can we increase self-efficacy with respect to cybersecurity behaviour?
Type of research
The options are experimental and/or survey, depending on the research questions and preferences of the student.
Keywords
Cybercrime, victimization, intervention design, risk perception, efficacy, security
Information
If you are interested in this topic, please contact Steven Watson via s.j.watson@utwente.nl. The assignment is open to two students.
Start
· Available any time
Literature
· Bullee, J. W., & Junger, M. (2020). How effective are social engineering interventions? A meta-analysis. Information & Computer Security, 28(5), 801-830.
· Davinson, N., & Sillence, E. (2014). Using the health belief model to explore users’ perceptions of “being safe and secure” in the world of technology mediated financial transactions. International Journal of Human Computer Studies, 72(2), 154–168. https://doi.org/10.1016/j.ijhcs.2013.10.003
· Moustafa, A. A., Bello, A., & Maurushat, A. (2021). The Role of User Behaviour in Improving Cyber Security Management. Frontiers in Psychology, 12(June), 1–9. https://doi.org/10.3389/fpsyg.2021.561011
· Kankane, S., DiRusso, C., & Buckley, C. (2018, April). Can we nudge users toward better password management? an initial study. In Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (pp. 1-6).
· Netherlands Institue for the Study of Crime and Law Enforcement. (2017). Research Agenda the Human Factor in Cybercrime and Cybersecurity. In Eleven International Publishing.
· van Bavel, R., Rodríguez-Priego, N., Vila, J., & Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human Computer Studies, 123(September 2018), 29–39. https://doi.org/10.1016/j.ijhcs.2018.11.003
· Zimmermann, V., & Renaud, K. (2019). Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human Computer Studies, 131(April), 169–187. https://doi.org/10.1016/j.ijhcs.2019.05.005