Groups Online

This chapter provides a brief introduction to hacktivism and social protest online and highlights some of the socio-psychological and cognitive factors that can lead to individuals taking part in hacktivism groups. Hacktivism is an ill-defined area which some claim as a legitimate form of protest in the online world and others regard as illegal hacking; there is truth to both arguments, and those who believe it should be protected will continue to work for it to be recognised. The chapter explains how the depth of social ties and influence are still being examined, and whilst cognitive biases are recognised, strategies to mitigate and combat the vulnerability they present are still being developed.

Online Decision Making

The growth in computer-mediated communication has created real challenges for society; in particular, the internet has become an important resource for “convincing” or persuading a person to make a decision. From a cybersecurity perspective, online attempts to persuade someone to make a decision has implications for the radicalisation of individuals. This chapter reviews multiple definitions and theories relating to decision making to consider the applicability of these to online decision making in areas such as buying behaviour, social engineering, and radicalisation. Research investigating online decision making is outlined and the point is made that research examining online research has a different focus than research exploring online decision making. The chapter concludes with some key questions for scholars and practitioners. In particular, it is noted that online decision making cannot be explained by one single model, as none is sufficient in its own capacity to underpin all forms of online behaviour.

A Study of Good-Enough Security in the Context of Rural Business Process Outsourcing

Data objects having low value like insurance or data-entry forms are shared between a client and rural business process outsourcing (RBPO) organisations for tasks like translation, proofreading, and data entry. These data objects are first decomposed into smaller parts and then assigned to RBPO users. Each user in a RBPO has access to only a few parts of a complete data object which he can leak to unauthorised users. But since the value of these parts is low, there is not enough incentive for the user to leak them. Such scenarios need good-enough security models that can provide reasonable security to an aggregate number of parts of low value data objects. In this chapter, the authors study the secure data assignment and leakage in RBPO by modeling it in the form of an optimisation problem. They discuss different scenarios of object decomposition and sharing, penalty assignment, and data leakage in the context of RBPO. They use LINGO toolbox to run their model and present insights.

Volunteered Surveillance

As the front end of the digitized commercial world, corporations, marketers, and advertisers are under the spotlight for taking advantage of some part of the big data provided by consumers via their digital presence and digital advertising. Now, collectors and users of that data have escalated the level of their asymmetric power with scope and depth of the instant and historical data on consumers. Since consumers have lost the ownership (control) over their own data, their reaction ranges from complete opposition to voluntary submission. This chapter investigates psychological and societal reasons for this variety in consumer behavior and proposes that a contractual solution could promote a beneficial end to all parties through transparency and mutual power.

The “Human Factor” in Cybersecurity

A great deal of research has been devoted to the exploration and categorization of threats posed from malicious attacks from current employees who are disgruntled with the organisation, or are motivated by financial gain. These so-called “insider threats” pose a growing menace to information security, but given the right mechanisms, they have the potential to be detected and caught. In contrast, human factors related to aspects of poor planning, lack of attention to detail, and ignorance are linked to the rise of the accidental or unintentional insider. In this instance there is no malicious intent and no prior planning for their “attack,” but their actions can be equally as damaging and disruptive to the organisation. This chapter presents an exploration of fundamental human factors that could contribute to an individual becoming an unintentional threat. Furthermore, key frameworks for designing mitigations for such threats are also presented, alongside suggestions for future research in this area.

Introducing Psychological Concepts and Methods to Cybersecurity Students

This chapter begins with a brief review of the literature that highlights what psychology research and practice can offer to cybersecurity education. The authors draw on their wide-ranging inter-disciplinary teaching experience, and in this chapter, they discuss their observations gained from teaching psychological principles and methods to undergraduate and postgraduate cybersecurity students. The authors pay special attention to the consideration of the characteristics of cybersecurity students so that psychology is taught in a way that is accessible and engaging. Finally, the authors offer some practical suggestions for academics to help them incorporate psychology into the cybersecurity curriculum.

The Role of Psychology in Understanding Online Trust

Across many online contexts, internet users are required to make judgments of trustworthiness in the systems or other users that they are connecting with. But how can a user know that the interactions they engage in are legitimate? In cases where trust is manipulated, there can be severe consequences for the user both economically and psychologically. In this chapter, the authors outline key psychological literature to date that has addressed the question of how trust develops in online environments. Specifically, three use cases in which trust relationships emerge are discussed: crowdfunding, online health forums, and online dating. By including examples of different types of online interaction, the authors aim to demonstrate the need for advanced security measures that ensure valid trust judgments and minimise the risk of fraud victimisation.

Online Research Methods

With the advancement of technology and internet connectivity, the potential for alternative methods of research is vast. Whilst pen-and-paper questionnaires and laboratory studies still prevail within most scientific disciplines, many researchers are selecting more contemporary methods for undertaking research. This chapter provides an overview of a number of key online research methodologies to highlight their role in scientific investigation. In particular, it suggests how these may function to enhance our understanding of psychological issues, particularly within areas relating to cybersecurity.

Psychological and Behavioral Examinations of Online Terrorism

It has long been recognised that terrorists make use of the internet as one of many means through which to further their cause. This use of the internet has fuelled a large number of studies seeking to understand terrorists' use of online environments. This chapter provides an overview of current understandings of online terrorist behavior, coupled with an outline of the qualitative and quantitative approaches that can and have been adopted to research this phenomenon. The chapter closes with a discussion of the contentious issue of ethics in online terrorism research. The aim of the chapter is to equip readers with the necessary knowledge and skills to conduct their own research into terrorists' online behavior, taking best ethical practices into consideration when doing so.

Cyber + Culture

Technical advances in cyber-attack attribution continues to show incremental improvement. A growing interest in the role of the human in perception management, and decision-making suggest that other aspects of human cognition may be able to help inform attribution, and other aspects of cyber security such as defending and training. Values shape behaviors and cultural values set norms for groups of people. Therefore, they should be considered when modeling behaviors. The lack of studies in this area requires exploration and foundational work to learn the limits of this area of research. This chapter highlights some of the findings of some of the recent studies.