  • Article | Kristoffer Geyer | Understanding digital traces | 4 min read
  • Article | Emma Boakes | How Do Security Teams Collaborate To Understand Threats to Their Building Management Systems? | 4 min read
  • Article | Jason Nurse | Cyber Resilience: What Is It and How Do We Get It? | 5 min read
  • Article | Aaron Roberts, Neville Stanton | Go with the (Information) Flow? How to Develop more Resilient Sociotechnical Systems | 4 min read
  • Article | Pip Thornton | Words as Data: The Vulnerability of Language in an Age of Digital Capitalism | 5 min read
  • Policy brief | Martin Innes | Russian influence and interference measures following the 2017 UK terrorist attacks | 1 min read
  • Article | Awais Rashid, Sylvain Frey | Cyber security decisions: how do you make yours? | 3 min read
  • Article | Thilo Gross | Things that spread: Epidemics on networks | 4 min read
  • Article | Adam Joinson | Mind Map: The Bluffers Guide To Networks | 3 min read
  • Article | Emma Williams | What Makes People Susceptible to Malevolent Influence Online? | 3 min read
  • Article | Emma Williams, Debi Ashenden | Phishing Scams Are Becoming Ever More Sophisticated And Firms Are Struggling To Keep Up | 4 min read
  • Article | Matthew Williams, Pete Burnap | Cyber crime and the social web | 3 min read
  • Article | René Rydhof Hansen, Lizzie Coles-Kemp | Everyday Security: A Manifesto for New Approaches to Security Modelling | 3 min read
  • Article | Tim Stevens | Cyber security and the politics of time | 4 min read
  • Article | Marcus Rogers | Hacker Mindset | 3 min read
  • Article | Jeremy Watson, Emil Lupu | PETRAS: Cyber Security of the Internet of Things | 3 min read
  • Article | Debi Ashenden | Fact Check: The Cyber Security Attack Surface | 4 min read
  • Article | Debi Ashenden | Creativity and Cyber Security | 2 min read
  • Article | Joanne Hinds | How Does Phishing Work? | 3 min read
  • Guide | Adam Joinson, Joanne Hinds | Introductory Guide to Phishing | 1 min read
  • Article | Emma Barrett, Matthew Francis | Terrorists’ use of messaging applications | 3 min read
  • Article | Debi Ashenden | Your Employees: The Front Line in Cyber Security | 10 min read
  • Article | Debi Ashenden | TalkTalk Data Breach Is a Wake Up Call for CEOs | 3 min read

An evidence synthesis of strategies, enablers and barriers for keeping secrets online regarding the procurement and supply of illicit drugs

This systematic review attempts to understand how people keep secrets online, and in particular how people use the internet when engaging in covert behaviours and activities regarding the procurement and supply of illicit drugs.

With the Internet and social media being part of everyday life for most people in western and non-western countries, there are ever-growing opportunities for individuals to engage in covert behaviours and activities online that may be considered illegal or unethical.

A search strategy using Medical Subject Headings terms and relevant key words was developed. A comprehensive literature search of published and unpublished studies in electronic databases was conducted.

Additional studies were identified from reference lists of previous studies and (systematic) reviews that had similar objectives as this search, and were included if they fulfilled our inclusion criteria. Two researchers independently screened abstracts and full-texts for study eligibility and evaluated the quality of included studies. Disagreements were resolved by a consensus procedure. The systematic review includes 33 qualitative studies and one cross-sectional study, published between 2006 and 2018.

Five covert behaviours were identified: the use of communication channels; anonymity; visibility reduction; limited posts in public; following forum rules and recommendations. The same technologies that provide individuals with easy access to information, such as social networking sites and forums, digital devices, digital tools and services, also increase the prevalence of inaccurate information, loss of privacy, identity theft and disinhibited communication.

This review takes a rigorous interdisciplinary approach to synthesising knowledge on the strategies adopted by people in keeping secrets online. Whilst the focus is on the procurement and supply of illicit drugs, this knowledge is transferrable to a range of contexts where people keep secrets online. It has particular significance for those who design online/social media applications, and for law enforcement and security agencies.

(From the journal abstract)


Aikaterini Grimani, Anna Gavine and Wendy Moncur, 2020. An evidence synthesis of strategies, enablers and barriers for keeping secrets online regarding the procurement and supply of illicit drugs. International Journal of Drug Policy. https://doi.org/10.1016/j.drugpo.2019.102621

Countering Violent Extremism Online: The Experiences of Informal Counter Messaging Actors

The online space is a haven for extremists of all kinds. Although efforts to remove violent and extremist content are increasing, there is a widely accepted need to also contest extremist messages with counter messages designed to undermine and disrupt extremist narratives.

While the majority of academic focus has been on large and well‐funded efforts linked to governments, this article considers the experiences of informal actors who are active in contesting extremist messaging but who lack the support of large institutions.

Informal actors come without some of the baggage that accompanies formal counter message campaigns, which have been attacked as lacking in credibility and constituting “just more government propaganda.” This has been noted by some of the wider countering violent extremism industry and the appetite for incorporating “real‐world” content in their campaigns seems to be rising.

This article fills a gap in our knowledge of the experiences of informal counter messaging actors. Through a series of in‐depth qualitative interviews it demonstrates that, despite the potentially serious risks of incorporating greater levels of informal content, there is an appetite among informal actors to engage with formal campaigns where they can be selective over who they work with and maintain a degree of control.

(From the journal abstract)


Benjamin Lee, 2019. Countering Violent Extremism Online: The Experiences of Informal Counter Messaging Actors. Policy & Internet. https://doi.org/10.1002/poi3.210

Exploring Susceptibility to Phishing in the Workplace

Phishing emails provide a means to infiltrate the technical systems of organisations by encouraging employees to click on malicious links or attachments. Despite the use of awareness campaigns and phishing simulations, employees remain vulnerable to phishing emails. The present research uses a mixed methods approach to explore employee susceptibility to targeted phishing emails, known as spear phishing. In study one, nine spear phishing simulation emails sent to 62,000 employees over a six-week period were rated according to the presence of authority and urgency influence techniques. Results demonstrated that the presence of authority cues increased the likelihood that a user would click a suspicious link contained in an email. In study two, six focus groups were conducted in a second organisation to explore whether additional factors within the work environment impact employee susceptibility to spear phishing. We discuss these factors in relation to current theoretical approaches and provide implications for user communities.

Highlights

  • Susceptibility to phishing emails is explored in an ecologically valid setting.
  • Authority and urgency techniques are found to impact employee susceptibility.
  • Context-specific factors are also likely to impact employee susceptibility.
  • A range of targeted initiatives are required to address susceptibility factors.

(From the journal abstract)


Emma Williams, Joanne Hinds, and Adam N. Joinson. 2018. ‘Exploring Susceptibility to Phishing in the Workplace’. International Journal of Human-Computer Studies, 120 (December): 1–13. https://doi.org/10.1016/j.ijhcs.2018.06.004.

Digital Hoarding Behaviours: Measurement and Evaluation

The social and psychological characteristics of individuals who hoard physical items are quite well understood, however very little is known about the psychological characteristics of those who hoard digital items and the kinds of material they hoard. In this study, we designed a new questionnaire (Digital Behaviours Questionnaire: DBQ) comprising 2 sections: the Digital Hoarding Questionnaire (DHQ) assessing two key components of physical hoarding (accumulation and difficulty discarding); and the second measuring the extent of digital hoarding in the workplace (Digital Behaviours in the Workplace Questionnaire: DBWQ).

In an initial study comprising 424 adults we established the psychometric properties of the questionnaires. In a second study, we presented revised versions of the questionnaires to a new sample of 203 adults, and confirmed their validity and reliability. Both samples revealed that digital hoarding was common (with emails being the most commonly hoarded items) and that hoarding behaviours at work could be predicted by the 10 item DHQ. Digital hoarding was significantly higher in employees who identified as having ‘data protection responsibilities’, suggesting that the problem may be influenced by working practices. In sum, we have validated a new psychometric measure to assess digital hoarding, documented some of its psychological characteristics, and shown that it can predict digital hoarding in the workplace.

(From the journal abstract)


Nick Neave, Pam Briggs, Kerry McKellar, and Elizabeth Sillence. 2019. ‘Digital Hoarding Behaviours: Measurement and Evaluation’. Computers in Human Behavior, 96 (July): 72–77. https://doi.org/10.1016/j.chb.2019.01.037.

Individual Differences in Susceptibility to Online Influence: A Theoretical Review

Scams and other malicious attempts to influence people are continuing to proliferate across the globe, aided by the availability of technology that makes it increasingly easy to create communications that appear to come from legitimate sources. The rise in integrated technologies and the connected nature of social communications means that online scams represent a growing issue across society, with scammers successfully persuading people to click on malicious links, make fraudulent payments, or download malicious attachments.

However, current understanding of what makes people particularly susceptible to scams in online contexts, and therefore how we can effectively reduce potential vulnerabilities, is relatively poor. So why are online scams so effective? And what makes people particularly susceptible to them? This paper presents a theoretical review of literature relating to individual differences and contextual factors that may impact susceptibility to such forms of malicious influence in online contexts.

A holistic approach is then proposed that provides a theoretical foundation for research in this area, focusing on the interaction between the individual, their current context, and the influence message itself, when considering likely response behaviour.

(From the journal abstract)


Williams, Emma J., Amy Beardmore, and Adam N. Joinson. 2017. ‘Individual Differences in Susceptibility to Online Influence: A Theoretical Review’. Computers in Human Behavior 72 (July): 412–21. https://doi.org/10.1016/j.chb.2017.03.002.

Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions

Increasingly, connected communication technologies have resulted in people being exposed to fraudulent communications by scammers and hackers attempting to gain access to computer systems for malicious purposes. Common influence techniques, such as mimicking authority figures or instilling a sense of urgency, are used to persuade people to respond to malevolent messages by, for example, accepting urgent updates. An ‘accept’ response to a malevolent influence message can result in severe negative consequences for the user and for others, including the organisations they work for.

This paper undertakes exploratory research to examine individual differences in susceptibility to fraudulent computer messages when they masquerade as interruptions during a demanding memory recall primary task compared to when they are presented in a post-task phase. A mixed-methods approach was adopted to examine when and why people choose to accept or decline three types of interrupting computer update message (genuine, mimicked, and low authority) and the relative impact of such interruptions on performance of a serial recall memory primary task.

Results suggest that fraudulent communications are more likely to be accepted by users when they interrupt a demanding memory-based primary task, that this relationship is impacted by the content of the fraudulent message, and that influence techniques used in fraudulent communications can over-ride authenticity cues when individuals decide to accept an update message. Implications for theories, such as the recently proposed Suspicion, Cognition and Automaticity Model and the Integrated Information Processing Model of Phishing Susceptibility, are discussed.

(From the journal abstract)


Williams, Emma J., Phillip L. Morgan, and Adam N. Joinson. 2017. ‘Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions’. Decision Support Systems 96 (April): 119–29. https://doi.org/10.1016/j.dss.2017.02.014.

Employees: The Front Line in Cyber Security

What happens if you lose trust in the systems on which you rely? If the displays and dashboards tell you everything is operating normally but, with your own eyes, you can see that this is not the case? This is what apparently happened with the Stuxnet virus attack on the Iranian nuclear programme in 2010.

Dr Debi Ashenden, CREST lead on protective security and risk assessment, writes that with cyber attacks set to rise, it’s important that we empower employees to defend our front line.

(From the journal abstract)


Ashenden, Debi. 2017. ‘Employees: The Front Line in Cyber Security’. The Chemical Engineer, February 2017, 908 edition. https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/.

Radicalization, the Internet and Cybersecurity: Opportunities and Challenges for HCI

The idea that the internet may enable an individual to become radicalized has been of increasing concern over the last two decades. Indeed, the internet provides individuals with an opportunity to access vast amounts of information and to connect to new people and new groups.

Together, these prospects may create a compelling argument that radicalization via the internet is plausible. So, is this really the case? Can viewing ‘radicalizing’ material and interacting with others online actually cause someone to subsequently commit violent and/or extremist acts? In this article, we discuss the potential role of the internet in radicalization and relate to how cybersecurity and certain HCI ‘affordances’ may support it.

We focus on how the design of systems provides opportunities for extremist messages to spread and gain credence, and how an application of HCI and user-centered understanding of online behavior and cybersecurity might be used to counter extremist messages.

By drawing upon existing research that may be used to further understand and address internet radicalization, we discuss some future research directions and associated challenges.

(From the journal abstract)


Hinds, Joanne, and Adam Joinson. 2017. 'Radicalization, the Internet and Cybersecurity: Opportunities and Challenges for HCI'. In Human Aspects of Information Security, Privacy and Trust, 481–93. Lecture Notes in Computer Science. Springer, Cham. https://researchportal.bath.ac.uk/en/publications/radicalization-the-internet-and-cybersecurity-opportunities-and-c
