A UK university is to lead a £1.1m study into how people’s behaviour can lead to cybersecurity risks, including how people become victims of cybercrimes. The study will also look at new personalised approaches to encourage more secure human behaviours.
A new study being led by the University of Surrey will see academics exploring how best to tackle cybersecurity and cybercrime, focusing on how to better understand and influence behaviours of cybercriminals, victims, people who operate cybersecurity systems, business and governmental bodies. The project will involve 12 cybercrime and cybersecurity figures from across the world, as well as governmental (especially law enforcement) agencies, industry (cybersecurity companies) and NGOs.
The overall aim is to develop a framework to analyse the behaviours, including by criminals, victims, people who operate cybersecurity systems and define policies, business and governmental organisations such as law enforcement. Since the nature of the threat evolves as the technological background develops and criminals and security personnel continually adapt to each other’s countermeasures, the project organisers say they will will adopt an explicitly evolutionary approach drawing on perspectives ranging from biological to military arms races.
The research project is entitled “Addressing Cybersecurity and Cybercrime via a co-Evolutionary approach to reducing human-related risks”, and will be coordinated by the University of Surrey as the lead institute. It will involve researchers in five academic disciplines (Computer Science, Crime Science, Business, Engineering, Behavioural Science) at four UK research institutes (University of Surrey, UCL, University of Warwick, and the TRL lab). The project has an overall budget of £1.1m, with 80 per cent (£881,000) of that funding from the Engineering and Physical Sciences Research Council (EPSRC). It’s expected to start in April 2017 and will last for two years.
The project lead is Dr Shujun Li, a Deputy Director of Surrey Centre for Cyber Security (SCCS) and a Senior Lecturer of Surrey’s Department of Computer Science.
Dr Li said: “I am very excited about starting this project and working with a wonderful team of researchers from different disciplines and four different institutes. We believe that this research will open up new opportunities for the cybersecurity research community and the society at large, and will provide new knowledge and tools that make our highly digitised and connected world a safer place to live and to do business. We also welcome more researchers and organisations interested in our project to approach us to become part of this exciting project.”
The UK Government has identified cybersecurity as a Tier 1 threat to the UK; hence the National Cyber Security Programme, set up in 2011. The EPSRC looked for proposals to address five challenges identified at a 2014 workshop on Human Dimensions of Cyber Security: 1) design, build and measure; 2) a theory of everyone; 3) risk, trust and response; 4) understanding people; 5) evolution of cybercrime. The call had a focus on promoting collaborative, international and problem-driven research in this less funded area of cybersecurity.
At Surrey the project will involve Dr Michael McGuire of the Department of Sociology, a criminologist known by his research on cybercrime, Prof Roger Maull of Surrey Business School’s Centre of the Digital Economy (CODE), a business researcher, and Dr Helen Treharne of the Department of Computer Science and Surrey Centre for Cyber Security (SCCS), as co-investigators. Co-investigators from other partner institutes include Dr Hervé Borrion, Dr Gianluca Stringhini and designing out crime man Prof Paul Ekblom of University College London, Prof Irene Ng, Dr Xiao Ma and Dr Ganna Pogrebna of the University of Warwick, and Prof Alan Stevens of TRL.
Meanwhile WMG (Warwick Manufacturing Group) at the University of Warwick has appointed cyberpsychologist Prof Monica Whitty, who joins the Cyber Security research team from the University of Leicester, as Professor of Human Factors in Cyber Security.
As WMG’s first cyberpsychologist, she will work alongside colleagues in WMG’s Cyber Security Centre concentrating on the human element focusing on behaviour online to identify cyber criminals and in turn protect people from becoming victims.
Her research spans 15 years focusing on the way we behave in cyberspace, examining identities created in cyberspace, online security risks as well as detecting and preventing cybercrimes (eg, mass-marketing fraud, insider threats). She is author of ‘Cyberpsychology: The study of individuals, society and digital technologies’ (Wiley, 2017) with Garry Young. She leads an EPSRC funded project working with colleagues at a number of other universities on entitled “Detecting and Preventing Mass-Marketing Fraud.” One of the first new research projects she will lead at WMG – UNDERWARE (UNDERstanding West African culture to pRevent cybercrimEs) – is funded by National Cyber Security Centre (part of GCHQ) with Research Institute in Science of Cyber Security.
