Moving from a "human-as-problem" to a "human-as-solution" cybersecurity mindset

Cybersecurity has gained prominence, with a number of widely publicised security incidents, hacking attacks and data breaches reaching the news over the last few years. The escalation in the numbers of cyber incidents shows no sign of abating, and it seems appropriate to take a look at the way cybersecurity is conceptualised and to consider whether there is a need for a mindset change.To consider this question, we applied a "problematization" approach to assess current conceptualisations of the cybersecurity problem by government, industry and hackers. Our analysis revealed that individual human actors, in a variety of roles, are generally considered to be "a problem". We also discovered that deployed solutions primarily focus on preventing adverse events by building resistance: i.e. implementing new security layers and policies that control humans and constrain their problematic behaviours. In essence, this treats all humans in the system as if they might well be malicious actors, and the solutions are designed to prevent their ill-advised behaviours. Given the continuing incidences of data breaches and successful hacks, it seems wise to rethink the status quo approach, which we refer to as "Cybersecurity, Currently". In particular, we suggest that there is a need to reconsider the core assumptions and characterisations of the well-intentioned human's role in the cybersecurity socio-technical system. Treating everyone as a problem does not seem to work, given the current cyber security landscape.Benefiting from research in other fields, we propose a new mindset i.e. "Cybersecurity, Differently". This approach rests on recognition of the fact that the problem is actually the high complexity, interconnectedness and emergent qualities of socio-technical systems. The "differently" mindset acknowledges the well-intentioned human's ability to be an important contributor to organisational cybersecurity, as well as their potential to be "part of the solution" rather than "the problem". In essence, this new approach initially treats all humans in the system as if they are well-intentioned. The focus is on enhancing factors that contribute to positive outcomes and resilience. We conclude by proposing a set of key principles and, with the help of a prototypical fictional organisation, consider how this mindset could enhance and improve cybersecurity across the socio-technical system

Introduction to the special issue on the 50th anniversary of IJHCS

This special issue celebrates the 50th anniversary of the International Journal of Human-Computer Studies (IJHCS), which published its first volume in January 1969. The special issue comprises 15 contributions from a number of experts in Human-Computer Interaction (HCI) and other areas relevant to IJHCS. These contributions are best characterized as ‘landscape papers’, providing insightful analyses about the evolution (i.e., the past, the present and the future) of research areas relevant to IJHCS. The areas covered in this special issue include: the history and scope of the journal; foundational concerns in HCI; critical discussions about the issues surrounding digital living in a variety of areas, from healthcare and cybersecurity to digital games and art; the making of interactive products and services, as seen through the viewpoints defined by research in psychology of programming, end-user development and participatory design; and, finally, the issues associated with adapting to various novel emerging technologies, including automated systems, online personalisation, human augmentations, mixed reality, and sonic interfaces. In this short essay, we introduce the special issue, reflecting on the nature and evolution of the journal, before providing short outlines of each of the contributions to this special issue

Introduction to the Special Issue on the 50th Anniversary of IJHCS

This special issue celebrates the 50th anniversary of the International Journal of Human-Computer Studies (IJHCS), which published its first volume in January 1969. The special issue comprises 15 contributions from a number of experts in Human-Computer Interaction (HCI) and other areas relevant to IJHCS. These contributions are best characterized as ‘landscape papers’, providing insightful analyses about the evolution (i.e., the past, the present and the future) of research areas relevant to IJHCS. The areas covered in this special issue include: the history and scope of the journal; foundational concerns in HCI; critical discussions about the issues surrounding digital living in a variety of areas, from healthcare and cybersecurity to digital games and art; the making of interactive products and services, as seen through the viewpoints defined by research in psychology of programming, end-user development and participatory design; and, finally, the issues associated with adapting to various novel emerging technologies, including automated systems, online personalisation, human augmentations, mixed reality, and sonic interfaces. In this short essay, we introduce the special issue, reflecting on the nature and evolution of the journal, before providing short outlines of each of the contributions to this special issue

A Reverse Digital Divide: Comparing Information Security Behaviors of Generation Y and Generation Z Adults

How individuals conceptualize their accountability related to digital technology. There may also be age-based vulnerabilities resulting from personal perceptions about the importance of engaging in best-practices. However, age may not be as critical as experience when it comes to implementation of these behaviors. Using the Cybersecurity Behaviors subscale of the Online Security Behaviors and Beliefs Questionnaire (OSBBQ), this study compared the self-reported cybersecurity attitudes and behaviors across college-aged individuals from Generation Y and Generation Z. Data were derived from a convenience sample of predominantly African-American and Caucasian respondents (N=593) recruited from two public universities in Virginia, USA. Four of the eight OSBBQ subscale items demonstrated significant differences between Generation Y and Generation Z adults. Generation Y adults reported greater reviewing of privacy policies on social media, maintenance of antivirus updates, watching for unusual computer performance, and acting on malware alerts, but no significant differences on the other items. It is reasonable to assume that the observed elevated scores were accompanied by greater individual knowledge of information security simply because of being older as a cohort, suggesting that the group was also more experienced and less likely to perceive themselves as invulnerable to online victimization

Factors Affecting Compliance with the National Cybersecurity Policy by SMMEs in South Africa

Technological advancements enable Small, Micro and Medium Enterprises (SMMEs) to increase business value and gain a competitive advantage. However, despite the myriad benefits of Information and Communication Technologies (ICTs), they have ushered in cyber threats. Cyberattacks have become more prevalent, especially in developing countries. As a result, most SMMEs in developing countries face challenges securing their digital environment. Governments worldwide have developed a National Cybersecurity Policy to protect their citizens, businesses and critical information infrastructure from cyberattacks. However, compliance with cybersecurity policy remains a challenge in many developing countries, especially among SMMEs. The study investigated the factors affecting compliance with the National Cybersecurity Policy by SMMEs in developing countries. This will aid policymakers in formulating National Cybersecurity Policies and providing an enabling environment for effective compliance by SMMEs in developing countries. We employed a qualitative approach using semi- structured interviews as a means of data collection. The sample for the study was 20 SMMEs in South Africa and was purposively selected. The findings showed that lack of awareness of the National Cybersecurity Policy, lack of understanding of the policy, resource constraints and lack of perceived benefits affect how SMMEs comply with the National Cybersecurity Policy

Re-thinking Decision-Making in Cybersecurity: Leveraging Cognitive Heuristics in Situations of Uncertainty

The prevailing consensus in cybersecurity is that individuals’ insecure behavior due to inadequate decision-making is a primary source of cyber incidents. The conclusion of this assumption is to enforce desired behavior via extensive security policies and suppress individuals’ intuitions or rules of thumb (cognitive heuristics) when dealing with critical situations. This position paper aims to change the way we look at these cognitive heuristics in cybersecurity. We argue that heuristics can be particularly useful in uncertain environments such as cybersecurity. Based on successful examples from other domains, we propose that heuristic decisionmaking should also be used to combat cyber threats. Lastly, we give an outlook on where such heuristics could be beneficial in cybersecurity (e.g., phishing detection or incident response) and how they can be found or created

El Problema contextualizado para el científico de datos desde un enfoque socioformativo

Se propuso conjuntar la labor de la ciencia de datos con el enfoque socioformativo para ofrecer mayor certeza al trabajar con escenarios reales y actuales, así como permitir adaptar y optimizar soluciones ya empleadas para generar réplicas exitosas en ambientes similares. Para ello se llevó a cabo un análisis documental con enfoque cualitativo e integral mediante un registro estructurado. Para una investigación futura, se revisarán las estrategias de planeación de la ciencia de datos y del enfoque socioformativo para establecer el punto de convergencia y garantizar mejores logros