June 13, 2024

Decoding Human-Centered Cybersecurity with Security Attitudes | A Conversation with Julie Haney and Dr. Cori Faklaris | Redefining CyberSecurity with Sean Martin

48 minutes

Guests:

Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]

On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

Dr. Cori Faklaris, Assistant Professor, University of North Carolina at Charlotte [@unccharlotte], Director, Security and Privacy Experiences (SPEX) research group [@SPEX_lab]

On LinkedIn | https://www.linkedin.com/in/corifaklaris/

On Twitter | https://twitter.com/heycori

On Mastodon | https://hci.social/@Heycori

On Facebook | https://www.facebook.com/heycori

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

View This Show's Sponsors

___________________________

Episode Notes

In this new episode of the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney welcomed Dr. Cori Faklaris, an assistant professor at the University of North Carolina, Charlotte, to discuss the intricate relationship between human-centered research and cybersecurity. Dr. Faklaris, who leads the Security and Privacy Experience Research Group at the university, shared valuable insights on the intersection of human behavior and security practices.

The episode delved into Dr. Faklaris' extensive research on security attitudes and behaviors. She introduced the Security Attitudes (SA) scales, particularly the SA-6 and SA-13, which are tools designed to measure people's security attitudes. These scales provide a reliable and valid means to gauge individuals' perspectives on cybersecurity, which can be critical for organizations looking to enhance their security training programs. By regularly measuring security attitudes before and after training, organizations can assess the effectiveness of their initiatives and identify areas for improvement. Dr. Faklaris emphasized the importance of considering not just attitudes but also social norms and perceived behavioral control when examining security behaviors.

A significant portion of the discussion centered around the challenges posed by smishing—phishing attacks conducted via SMS. Dr. Faklaris highlighted that younger people and college students are particularly vulnerable to such attacks. Her research indicates that demographic factors can influence susceptibility to smishing, underscoring the need for targeted awareness campaigns and tailored security measures.

The episode also touched on the broader implications of trust and usability in communication systems, with Dr. Faklaris stressing the importance of clear and trustworthy communication channels to prevent user fatigue and mistrust. In addition to her academic endeavors, Dr. Faklaris is spearheading a new cybersecurity clinic at UNC Charlotte. This initiative aims to support local organizations, particularly small businesses and non-profits, by providing them with valuable cybersecurity guidance and services free of charge. The clinic, which will involve student teams working on real-world problems, seeks to bridge the gap between academic research and practical application while fostering community engagement and providing hands-on experience to students.

The episode serves as a treasure trove of insights for security leaders and practitioners, offering practical advice on enhancing security training and awareness programs. By leveraging research-backed methods and fostering community partnerships, organizations can better navigate the complex human factors that influence cybersecurity practices. Dr. Faklaris' work serves as a powerful reminder of the critical role human-centered approaches play in building robust and effective security frameworks.