Poor decision-making can lead to cybersecurity breaches

Poor decision-making can lead to cybersecurity breaches
Rick Wash, assistant professor of journalism and media and information. Credit: Communication Arts and Sciences

Recent high-profile security breaches, such as those at Target, Anthem Inc. and Sony Pictures, have attracted scrutiny to how the seemingly minor decisions of individuals can have major cybersecurity consequences.

In a presentation at this year's meeting of the American Association for the Advancement of Science, Michigan State University's Rick Wash discussed how social interactions affect the processes behind personal cybersecurity decision-making.

"We all have small supercomputers in our pockets now," said Wash, an assistant professor of journalism and media and information. "Regular people like you and me make a lot of important security decisions on a daily basis."

He said the Sony hack is a great example of smart people making poor choices.

"A lot of people were making , sharing passwords, etc., that led to this event," he said. "But what's the reasoning process behind these decisions?"

Wash's research shows that how people visualize and conceptualize hackers and other cyber criminals affects their cybersecurity decision-making. As people make personal assessments about the risks of their behaviors, these impressions - formed from the influence of media, interpersonal interactions and storytelling - have a great impact.

"People tend to focus on a picture they have in their head when conceptualizing hackers and virus makers," Wash said. "I have found two of these pictured individuals to be the most common and easily recognizable: The teenager on a computer in their parents' basement, or the professional criminal in a foreign country. Those who picture the teenager tend to make better decisions in ."

He said people's familiarity with the concept of a teenage mischief-maker allows them to readily visualize that person as a legitimate threat, and act accordingly. Those who visualize a foreign hacker believe that they are professionals and are more likely to focus on more lucrative targets.

By identifying the social behaviors and rationales behind the decision-making process, this research can in turn help to influence effectiveness in the development of the science of cybersecurity.

Wash's presentation was part of a panel of six researchers exploring the social aspects of . The panel, organized by Indiana University, was titled "Holistic Computing Risk Assessment: Privacy, Security, and Trust."

"We're all looking beyond the technological issues," Wash said. "It's about people and society and how it all comes together."

Citation: Poor decision-making can lead to cybersecurity breaches (2015, February 17) retrieved 28 March 2024 from https://phys.org/news/2015-02-poor-decision-making-cybersecurity-breaches.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Obama brings tech firms into his cybersecurity push

28 shares

Feedback to editors