Frequent Truth: Impact of Frequency of Misinformation Correction in Extended Extreme Events

Misinformation management is a growing area of concern in Online Social Network (OSN) organizations. There are several behavioral interventions employed to address misinformation in OSN's. One example is offering users correction when they have engaged with fake news. However, there is little research quantifying the effectiveness of such interventions. We conducted a laboratory experiment to test whether experiencing corrective feedback improved peoples' ability to discriminate true and false news claims during extended extreme events like the COVID-19 pandemic. Participants in the experiment were randomly assigned to four different experiment conditions. Depending on the condition assigned, participants received varying amount of corrective feedback. Results from this experiment suggests that increasing frequency of corrective feedback may not affect peoples' ability to correctly assess information (or misinformation). Political ideology and mistrust in fact-checking organization were found to be the most significant contributing factors. We discuss implications of the findings from this experiment

Modeling Phishing Decision using Instance Based Learning and Natural Language Processing

Phishing is the practice of deceiving humans into disclosing sensitive information or inappropriately granting access to a secure system. Unfortunately, there is a severe lack of theoretical models to adequately explain and predict the cognitive dynamics underlying end-user susceptibility to phishing emails. This paper reports findings from an Instance-Based Learning (IBL) model developed to predict human response to emails obtained from a laboratory experiment. Particularly, this work investigates the effectiveness of using established natural language processing methods, such as LSA, GloVe, and BERT, to represent email text within IBL models. We found that using representations that consider contextual meanings assigned by humans could enable IBL agents to predict human response with high accuracy (>80%). In addition, we found that traditional NLP methods that capture semantic meanings in natural language may not be effective at representing how people may encode and recall email messages. We discuss the implications of these findings

Privacy, Security, and Usability Tradeoffs of Telehealth from Practitioners' Perspectives

The COVID-19 pandemic has significantly transformed the healthcare sector, with telehealth services being among the most prominent changes. The adoption of telehealth services, however, has raised new challenges, particularly in the areas of security and privacy. To better comprehend the telehealth needs and concerns of medical professionals, particularly those in private practice, we conducted a study comprised of 20 semi-structured interviews with telehealth practitioners in audiology and speech therapy. Our findings indicate that private telehealth practitioners encounter difficult choices when it comes to balancing security, privacy, usability, and accessibility, particularly while caring for vulnerable populations. Additionally, the study revealed that practitioners face challenges in ensuring HIPAA compliance due to inadequate resources and a lack of technological comprehension. Policymakers and healthcare providers should take proactive measures to address these challenges, including offering resources and training to ensure HIPAA compliance and enhancing technology infrastructure to support secure and accessible telehealth

Cyber Teaming and Role Specialization in a Cyber Security Defense Competition

A critical requirement for developing a cyber capable workforce is to understand how to challenge, assess, and rapidly develop human cyber skill-sets in realistic cyber operational environments. Fortunately, cyber team competitions make use of simulated operational environments with scoring criteria of task performance that objectively define overall team effectiveness, thus providing the means and context for observation and analysis of cyber teaming. Such competitions allow researchers to address the key determinants that make a cyber defense team more or less effective in responding to and mitigating cyber attacks. For this purpose, we analyzed data collected at the 12th annual Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC, http://www.maccdc.org), where eight teams were evaluated along four independent scoring dimensions: maintaining services, incident response, scenario injects, and thwarting adversarial activities. Data collected from the 13-point OAT (Observational Assessment of Teamwork) instrument by embedded observers and a cyber teamwork survey completed by all participants were used to assess teamwork and leadership behaviors and team composition and work processes, respectively. The scores from the competition were used as an outcome measure in our analysis to extract key features of team process, structure, leadership, and skill-sets in relation to effective cyber defense. We used Bayesian regression to relate scored performance during the competition to team skill composition, team experience level, and an observational construct of team collaboration. Our results indicate that effective collaboration, experience, and functional role-specialization within the teams are important factors that determine the success of these teams in the competition and are important observational predictors of the timely detection and effective mitigation of ongoing cyber attacks. These results support theories of team maturation and the development of functional team cognition applied to mastering cybersecurity

Influence of Cumulative Risk Priming on Security Update Decision Making

Installing security updates is one of the important security actions individuals can take to prevent potential cybersecurity threats. The cumulative risk of delaying the installation of security updates over an extended period can be substantial, and yet, people often choose to delay such actions. Past research suggests that people neglect to update because the majority overestimate the cost (e.g., time) of an update and underestimate an attack risk. Utilizing the repeated protective decision paradigm, we conducted a laboratory experiment to examine whether priming people about the cumulative risk of not updating could influence their update speed. Results from our experiment show that communicating cumulative risk would only have a momentary effect on peoples’ update decisions and that people would quickly learn from experience to delay or neglect to update. Our findings highlight the importance of augmenting user habits to improve update decision-making. </jats:p

Creative Persuasion: A Study on Adversarial Behaviors and Strategies in Phishing Attacks

Success of phishing attacks depend on effective exploitation of human weaknesses. This research explores a largely ignored, but crucial aspect of phishing: the adversarial behavior. We aim at understanding human behaviors and strategies that adversaries use, and how these may determine the end-user response to phishing emails. We accomplish this through a novel experiment paradigm involving two phases. In the adversarial phase, 105 participants played the role of a phishing adversary who were incentivized to produce multiple phishing emails that would evade detection and persuade end-users to respond. In the end-user phase, 340 participants performed an email management task, where they examined and classified phishing emails generated by participants in phase-one along with benign emails. Participants in the adversary role, self-reported the strategies they employed in each email they created, and responded to a test of individual creativity. Data from both phases of the study was combined and analyzed, to measure the effect of adversarial behaviors on end-user response to phishing emails. We found that participants who persistently used specific attack strategies (e.g., sending notifications, use of authoritative tone, or expressing shared interest) in all their attempts were overall more successful, compared to others who explored different strategies in each attempt. We also found that strategies largely determined whether an end-user was more likely to respond to an email immediately, or delete it. Individual creativity was not a reliable predictor of adversarial performance, but it was a predictor of an adversary's ability to evade detection. In summary, the phishing example provided initially, the strategies used, and the participants' persistence with some of the strategies led to higher performance in persuading end-users to respond to phishing emails. These insights may be used to inform tools and training procedures to detect phishing strategies in emails

Modeling Information Pooling Bias in Incident Response Teams: An Agent Based Modeling Approach

Security analysts regularly correlate disparate incidents to detect cyber-attacks. However, past research shows that team-based incident correlation analysis may be affected by information pooling bias. This article presents findings from an agent-based model used to explore the cognitive processes hypothesized to be causing this bias during information exchange within a team. The model simulated information exchange between three analysts conducting incident correlation analysis by searching for information available with them about the different incidents. Three models of memory search process were compared: Random, Local, and Memory-aided search. Results from the simulation show that agents in a local search model, compared to memory-aided search model, shared more often the information known to majority in the team. Comparing model results with data from lab experiments suggest that teams, by default, may be employing a heuristic search process during information exchange leading to sub-optimal team processes and performance. </jats:p

Information-Pooling Bias in Collaborative Security Incident Correlation Analysis

Objective: Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Background: Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Method: Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Results: Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. Conclusion: The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Application: Potential applications of this research include development of team training procedures and collaboration tool development for security analysts. </jats:sec