Policy brief | John Blythe | Phishing your staff: A double-edged sword? | 5 min read
Article | Nick Neave | The Risks of Digital Hoarding | 3 min read
Article | Emma Boakes | How Do Security Teams Collaborate To Understand Threats to Their Building Management Systems? | 4 min read
Article | Olivia Brown | Teamwork in Extreme Environments: Identifying Challenges and Generating Solutions | 4 min read
Guide | Charis Rice, Rosalind Searle | Animation: Positively Influencing Individuals During Organisational Change | 1 min read
Article | Jason Nurse | Cyber Resilience: What Is It and How Do We Get It? | 5 min read
Article | Robert Cialdini, Steve Martin | The Power of Persuasion and Pre-Suasion to Produce Change | 5 min read
Article | Rosalind Searle, Charis Rice | Positively Influencing Individuals During Organisational Change | 15 min read
Article | Simon Henderson | The Trade Of The Tricks: How Principles Of Magic Can Contribute To National Security | 5 min read
Article | Rosalind Searle, Charis Rice | How Messing with Employee Pensions Can Backfire on Companies | 4 min read
Guide | Rosalind Searle, Charis Rice | A Manager's Guide to Organisational Change | 2 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Practitioner Toolkit | 1 min read
Report | Rosalind Searle, Charis Rice | Managing Organisational Change | 2 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Organisational Culture Toolkit | 1 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Individuals Toolkit | 1 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Leaders Toolkit | 1 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Team Relations Toolkit | 1 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Video Introduction | 1 min read
Guide | Rosalind Searle, Charis Rice | Managing Organisational Change: Using the CWB Toolkits | 1 min read
Article | Samantha Mann | How does a smuggler behave? | 4 min read
Article | Jan-Willem Bullée | Social Engineering: From Thoughts to Awareness | 3 min read
Article | Rosalind Searle, Charis Rice | Trust and Insider Threat: Ensuring We Don’t Look Back – or Forward – in Anger | 3 min read
Article | Using Networks to Predict the Impact of ‘Bad Apples’ on Team Performance | 3 min read
Article | Dorothy Carter, Cynthia Maupin | Leadership Is a Social Network: Implications for Security | 4 min read
Article | Christos Ellinas | Predicting and Preparing for the Failure of Complex Systems | 4 min read
Article | Charis Rice, Rosalind Searle | Trust and Citizenship: The Insider Threat | 3 min read
Article | Paul Taylor | 7 Things Worth Knowing About Groups | 4 min read
Article | Emma Williams | What Makes People Susceptible to Malevolent Influence Online? | 3 min read
Article | Emma Williams, Debi Ashenden | Phishing Scams Are Becoming Ever More Sophisticated And Firms Are Struggling To Keep Up | 4 min read
Article | Debi Ashenden | Employees Behaving Badly | 4 min read
Article | René Rydhof Hansen, Lizzie Coles-Kemp | Everyday Security: A Manifesto for New Approaches to Security Modelling | 3 min read
Article | Jeremy Watson, Emil Lupu | PETRAS: Cyber Security of the Internet of Things | 3 min read
Article | Debi Ashenden | Creativity and Cyber Security | 2 min read
Article | Sheryl Prentice | How Technology Could Help Predict Terrorist Attacks | 3 min read
Article | Joanne Hinds | How Does Phishing Work? | 3 min read
Guide | Adam Joinson, Joanne Hinds | 2017 Messaging Applications | 2 min read
Article | Debi Ashenden | Your Employees: The Front Line in Cyber Security | 10 min read
Article | Debi Ashenden | TalkTalk Data Breach Is a Wake Up Call for CEOs | 3 min read

Detecting smugglers: Identifying strategies and behaviours in individuals in possession of illicit objects

Behaviour detection officers' task is to spot potential criminals in public spaces, but scientific research concerning what to look for is scarce. In two experiments, 52 (Experiment 1A) and 60 (Experiment 2A) participants carried out a mission involving a ferry crossing. Half were asked to smuggle an object; the other half were non‐smugglers. In Experiment 2A, two confederates appeared to approach as if looking for someone on the ferry.

Smugglers, more than non‐smugglers, reported afterwards to have felt nervous, self‐conscious, and conspicuous and to attempt behavioural control during the ferry crossing. The secretly videotaped ferry crossings were shown to 104 (Experiment 1B) and 120 (Experiment 2B) observers, tasked to identify the smugglers. Although they reported paying attention mostly to signs of nervousness, lie detection accuracy rate was poor (48% in Experiment 1 and 39.2% in Experiment 2) because their perceptions of nervousness did not match the experiences of nervousness reported by the (non)smugglers.

(From the journal abstract)


Samantha Mann, Haneen Deeb, Aldert Vrij, Lorraine Hope & Lavinia Pontigia, 2019. Detecting Smugglers: Identifying strategies and behaviours in individuals in possession of illicit objects. Applied Cognitive Psychology. https://doi.org/10.1002/acp.3622

In Their Own Words: Employee Attitudes towards Information Security

The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.

Design/methodology/approach

The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.

Findings

The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought that the organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.

Research limitations/implications

The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.

Originality/value

The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.

(From the journal abstract)


Debi Ashenden. 2018. ‘In Their Own Words: Employee Attitudes towards Information Security’. Information and Computer Security, 26 (3): 327–37. https://doi.org/10.1108/ICS-04-2018-0042.

Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions

Increasingly, connected communication technologies have resulted in people being exposed to fraudulent communications by scammers and hackers attempting to gain access to computer systems for malicious purposes. Common influence techniques, such as mimicking authority figures or instilling a sense of urgency, are used to persuade people to respond to malevolent messages by, for example, accepting urgent updates. An ‘accept’ response to a malevolent influence message can result in severe negative consequences for the user and for others, including the organisations they work for.

This paper undertakes exploratory research to examine individual differences in susceptibility to fraudulent computer messages when they masquerade as interruptions during a demanding memory recall primary task compared to when they are presented in a post-task phase. A mixed-methods approach was adopted to examine when and why people choose to accept or decline three types of interrupting computer update message (genuine, mimicked, and low authority) and the relative impact of such interruptions on performance of a serial recall memory primary task.

Results suggest that fraudulent communications are more likely to be accepted by users when they interrupt a demanding memory-based primary task, that this relationship is impacted by the content of the fraudulent message, and that influence techniques used in fraudulent communications can over-ride authenticity cues when individuals decide to accept an update message. Implications for theories, such as the recently proposed Suspicion, Cognition and Automaticity Model and the Integrated Information Processing Model of Phishing Susceptibility, are discussed.

(From the journal abstract)


Williams, Emma J., Phillip L. Morgan, and Adam N. Joinson. 2017. ‘Press Accept to Update Now: Individual Differences in Susceptibility to Malevolent Interruptions’. Decision Support Systems 96 (April): 119–29. https://doi.org/10.1016/j.dss.2017.02.014.

Security Dialogues: Building Better Relationships between Security and Business

In the real world, there's often a discrepancy between an organization's mandated security processes and what actually happens. The social practice of security flourishes in the space between and around formal organizational security processes.

By recognizing the value of risk management as a communication tool, security practitioners can tap opportunities to improve the security dialogue with staff.

(From the journal abstract)


Ashenden, Debi, and Darren Lawrence. 2016. ‘Security Dialogues: Building Better Relationships between Security and Business’. IEEE Security & Privacy 14 (3): 82–87. https://www.computer.org/cms/Computer.org/ComputingNow/issues/2016/08/msp2016030082.pdf.

Employees: The Front Line in Cyber Security

What happens if you lose trust in the systems on which you rely? If the displays and dashboards tell you everything is operating normally but, with your own eyes, you can see that this is not the case? This is what apparently happened with the Stuxnet virus attack on the Iranian nuclear programme in 2010.

Dr Debi Ashenden, CREST lead on protective security and risk assessment, writes that with cyber attacks set to rise, it’s important that we empower employees to defend our front line.

(From the journal abstract)


Ashenden, Debi. 2017. ‘Employees: The Front Line in Cyber Security’. The Chemical Engineer, February 2017, 908 edition. https://crestresearch.ac.uk/comment/employees-front-line-cyber-security/.

Individual Differences in Susceptibility to Online Influence: A Theoretical Review

Scams and other malicious attempts to influence people are continuing to proliferate across the globe, aided by the availability of technology that makes it increasingly easy to create communications that appear to come from legitimate sources. The rise in integrated technologies and the connected nature of social communications means that online scams represent a growing issue across society, with scammers successfully persuading people to click on malicious links, make fraudulent payments, or download malicious attachments.

However, current understanding of what makes people particularly susceptible to scams in online contexts, and therefore how we can effectively reduce potential vulnerabilities, is relatively poor. So why are online scams so effective? And what makes people particularly susceptible to them? This paper presents a theoretical review of literature relating to individual differences and contextual factors that may impact susceptibility to such forms of malicious influence in online contexts.

A holistic approach is then proposed that provides a theoretical foundation for research in this area, focusing on the interaction between the individual, their current context, and the influence message itself, when considering likely response behaviour.

(From the journal abstract)


Williams, Emma J., Amy Beardmore, and Adam N. Joinson. 2017. ‘Individual Differences in Susceptibility to Online Influence: A Theoretical Review’. Computers in Human Behavior 72 (July): 412–21. https://doi.org/10.1016/j.chb.2017.03.002.
