Including Human Behaviors into IA Training Assessment: A Better Way Forward!
Keywords:Cybersecurity, Human Behaviors, Susceptibility, Social Engineering, Information Awareness
Few can argue against the reality that humans are the weakest link in cybersecurity, and Social Engineers work very hard to take advantage of this human weakness. Many cybersecurity practitioners believe the only way to solve this problem is through a technical solution; however, this solution is elusive because humans are still in control and can circumvent these technical measures. In cybersecurity, the human is the critical component of the human firewall, and it is going to take a multi-disciplinary approach to solve the human problem. The human firewall is the first line of defense for cybersecurity. Historically, the primary solution to the human problem has been the Information Awareness training program, designed to teach the end-user about the risks and assess their risk. The biggest problem with the information awareness training program is that it does not modify behavior. Cybersecurity practitioners need to understand better the human firewall and how it can be strengthened. It is necessary to understand how the human makes security-minded decisions, how these decisions affect the cybersecurity decision-making process, and if there is a way to assess a person's susceptibility level more precisely when working to strengthen the human firewall. Humans are multifaceted, complex beings influenced by both internal and external factors. The most significant internal factor that affects a person's decision-making process is behavior, while Social Media is one of the most significant external factors that impact a person's decision-making capacity. This study presents a new method of assessing a person's susceptibility to cybercrime by including behavioral and social media usage factors into a Dynamic/Adaptable information awareness training assessment tool. This study shows that including human behaviors and social media usage behaviors into an Information Awareness (IA) training assessment tool produces a more precise measure of a person's accurate susceptibility level.
Copyright (c) 2022 European Conference on Cyber Warfare and Security
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.