Understanding factors that influence unintentional insider threat: a framework to counteract unintentional risks

The exploitation of so-called insiders is increasingly recognised as a common vector for cyberattacks. Emerging work in this area has considered the phenomenon from various perspectives including the technological, the psychological and the sociotechnical. We extend this work by specifically examining unintentional forms of insider threat and report the outcomes of a series of detailed Critical Decision Method (CDM) led interviews with those who have experienced various forms of unwitting cybersecurity breaches. We also articulate factors likely to contribute firmly in the context of everyday work-as-done. CDM’s probing questions were used to elicit expert knowledge around how decision making occurred prior, during and post an unintentional cyber breach whilst participants were engaged in the delivery of cognitive tasks. Through the application of grounded theory to data, emerging results included themes of decision making, task factors, accidents and organisational factors. These results are utilised to inform an Epidemiological Triangle to represent the dynamic relationship between three vectors of exploit, user and the work environment that can in turn affect the resilience of cyber defences. We conclude by presenting a simple framework, which for the purposes of this work is a set of recommendations applicable in specific scenarios to reduce negative impact for understanding unintentional insider threats. We also suggest practical means to counteract such threats rooted in the lived experience of those who have fallen prey to them.

Now you see it, now you don’t: dynamism amplifies the typicality effect

Some safety events do not stabilise in a coherent state, presenting with transient or intermittent features. Such dynamism may pose problems for human performance, especially if combined with non-typical stimuli that are rarely encountered in everyday work. This may explain undesirable pilot behaviour and could be an important cognitive factor in recent aircraft accidents. Sixty-five airline pilots tested a real-world typicality gradient, composed of two cockpit events, a typical event, and a non-typical event, across two different forms of dynamism, a stable, single system transition, and an unstable, intermittent system transition. We found that non-typical event stimuli elicited a greater number of response errors and incurred an increased response latency when compared to typical event stimuli, replicating the typicality effect. These performance deteriorations were amplified when a form of unstable system dynamism was introduced. Typical stimuli were unaffected by dynamism. This indicates that dynamic, non-typical events are problematic for pilots and may lead to poor event recognition and response. Typical is advantageous, even if dynamic. Manufacturers and airlines should evolve pilot training and crew procedures to take account of variety in event dynamics.

Development of training method for vessel traffic service based on cognitive process

Vessel traffic service (VTS) is important to protect the safety of maritime traffic. Along with the expansion of monitoring area per VTS operator in Tokyo Bay, Japan, inexperienced operators must acquire the ability to quickly and accurately detect conditions that requires attention (CRAs) from a monitoring screen. In our previous study (Song B, Itoh H, Kawamura Y, Fukuto J (2018) Analysis of Cognitive Processes of Operators of Vessel Traffic Service. In: Proceedings of the 2018 International Association of Institutes of Navigation. IAIN 2018, pp 529–534, Song et al., J Jpn Inst Navig 140:48–54, 2019), we established a task analysis method based on the assumption that the cognitive process model consists of three stages: “situational awareness”, “situation judgment”, and “decision making”. A simulation experiment was conducted for VTS operators with different levels of ability and their cognitive processes were compared based on the observation of eye movements. The results showed that the inexperienced operators’ abilities to predict situation changes were lower. And it was considered that oral transmission of the knowledge is difficult, thus new training methods are needed to help the inexperienced operators to understand the prediction methods of experienced operators. In this study, based on the cognitive process of an experienced operator, we analyzed the prediction procedures of situation changes and developed an educational tool called vessel traffic routine (VTR). The training method learning VTR aims to quickly improve inexperienced VTS operators’ abilities to predict situation changes. A simulation verification experiment of the VTR effect was conducted for four inexperienced operators, who were divided into two groups with and without prior explanation of VTR. By evaluating the cognitive processes of inexperienced operators, it was confirmed that those given prior explanations of VTR were better at detecting CRAs.

Leveraging human factors in cybersecurity: an integrated methodological approach

Computer and Information Security (CIS) is usually approached adopting a technology-centric viewpoint, where the human components of sociotechnical systems are generally considered as their weakest part, with little consideration for the end users’ cognitive characteristics, needs and motivations. This paper presents a holistic/Human Factors (HF) approach, where the individual, organisational and technological factors are investigated in pilot healthcare organisations to show how HF vulnerabilities may impact on cybersecurity risks. An overview of current challenges in relation to cybersecurity is first provided, followed by the presentation of an integrated top–down and bottom–up methodology using qualitative and quantitative research methods to assess the level of maturity of the pilot organisations with respect to their capability to face and tackle cyber threats and attacks. This approach adopts a user-centred perspective, involving both the organisations’ management and employees, The results show that a better cyber-security culture does not always correspond with more rule compliant behaviour. In addition, conflicts among cybersecurity rules and procedures may trigger human vulnerabilities. In conclusion, the integration of traditional technical solutions with guidelines to enhance CIS systems by leveraging HF in cybersecurity may lead to the adoption of non-technical countermeasures (such as user awareness) for a comprehensive and holistic way to manage cyber security in organisations.