By Holly Giles
Phishing emails are common place in society with an estimated 1 out of 200 emails received being part of known security scams, meaning the real figure may be much higher. Through guessable passwords, trusting people with information and general predictability humans are well-known to be the weakest part of our security. Having been described as the “most vulnerable” link in the chain, researchers at Cardiff University are working to show that humans can be a source of strength in cyber defence.
The team behind this idea are the Human-Centric Cyber Security Accelerator, based at the Airbus Cyber Innovation Hub in Newport. It combines forces from the National Cyber Security Centre, the Welsh Government and Cardiff University’s School of Psychology.
Researcher Dr Phillip Morgan explained the project; “The programme represents a ‘first of a kind’ research accelerator within a commercial organisation – a novel approach for the cyber-security industry. This is an exciting opportunity for the University because it allows us to work within Airbus, with a workforce of over 135,000, and with a team of over 800 security specialists to shape and accelerate research programmes and projects in the critical area of human-centric cyber security.”
The team wants to promote humans as a source of strength in cyber security by finding approaches that “work with and engage people with the outcome of improving cyber security effectiveness.” This will be done through a range of research techniques to conduct studies and test public opinions and ideas. Through this they hope to develop a programme that targets and improves peoples’ cognitive flexibility, self-awareness and adaptability with the hope that this training will help protect people against scams online.
Dr Kevin Jones, Chief Information Security Officer of Airbus, said: “With increasingly sophisticated attacks being attempted every day, it simply isn’t possible to protect every user against every cyber-attack. We therefore need to think differently and identify ways for security to work with an organisation’s people, to better protect against an array of threats. With the right tools and approach, employees can be the strongest link in an organisation’s cyber defence. Our work aims to put people-centric thinking at the heart of an organisation’s security and we’re keen to hear from like minded researchers and organisations who are interested in getting involved with our new Accelerator.”
The project has now been going for one year and it is expected to take another two years to see successful results that can be rolled out across offices in the country. It provides hope that people will soon be better prepared for the chaotic world of cyber-phishing but one can only hope the hackers don’t also evolve in this time!