Last week Ada’s year 13 psychology class enjoyed a fascinating presentation by Dr Maria Bada from the Cambridge Cybercrime Centre at the University of Cambridge. Maria is a psychologist and works in Cyber Psychology, a new field studying the psychological phenomenons of behaviour online. It also looks at new technology like Artificial Intelligence (AI) and robotics, studying issues like AI empathy and researching questions like whether we can identify the characteristics that a humanoid robot can have so that they can facilitate therapy or be used in the health sector. It’s super interesting, and a perfect blend of the students’ technology and psychology fields of study.
Real-world behaviour vs virtual world behaviour
So Maria asked students: What do they think the link between the virtual world and the real world is? Did they think there is no impact in the real world from our actions in the virtual world? Of course not! Increasingly psychologists are seeing that there is a link; that the manner in which people behave online can increase their risk of becoming a victim of online crime, meaning that studying human behaviour is key in Cyber Security risk prevention.
Students discussed what they already know about human behaviour and why people might behave differently online than when having a face-to-face conversation. The answers included: that people feel they are invisible and unaccountable online, people interact asynchronously (in different time zones) giving them more time before they have to respond, and so can think about framing their responses in more manipulative ways, and the lack of body language and tone of voice leading to misinterpretations.
The psychology behind phishing
We all know that people shape different personalities online, almost like making a character or persona in a gaming environment, and this gives people a sort of freedom online. Maria pointed out that this can lead to people becoming offenders or victims of cyber crime. As our students know from their study of IT Systems Security in their computer science course, phishing is the #1 type of cyber attack (along with scams) and so cyber crime is totally linked with human psychology. Victims often feel angry or powerless as they might not have the skills to defend themselves against these attacks which leads to a sense of “learned helplessness” which then leads to further attacks. This is why phishing is still so prevalent.
Maria went on to explain that research in psychology can be a useful tool to understand both victims’ and offenders’ behaviours and so help governments, schools and individuals to support people to better defend themselves against cyber attacks and help rehabilitate perpetrators of attacks.
Protection Motivation Theory
So what makes someone likely to protect themselves from attacks? Again, psychology research can help us understand behaviour. Psychologists know that people have different perceptions of risks: what risk do we accept? How much control do we have? Was the attack fair (i.e. I didn’t protect myself, or I did). Protection Motivation Theory tells us what influences a user’s motivation to apply security tools including the perceived severity of the attack and the user’s belief of their susceptibility and their belief that they can cope. For example, that they have the skills and knowledge to install and use anti-virus software.
Maria suggests for an effective prevention activity we need to get users to follow preventive measures and believe our coping behaviour is high. Most of the time, although some of us know what we should do, many users, for example, the elderly or unskilled digitally, will have a very low level of the efficacy of their responses to cyber threats and unfortunately this can lead to them becoming victims again.
Psychology of cyber criminals
Next Maria discussed how personality theories in Psychology help us to understand how someone becomes a cyber criminal. Maria spoke of the 3 main personality theories and triggered an excellent discussion of introversion vs extroversion and how this will influence online behaviour.
She concluded by talking about the need for prevention programmes to divert young people from criminal behaviour online and how teaching and education is better than punishment. Offering “rewards” like alternative ways to practice their skills or working with cyber crime units are some ways to achieve this.
It was great to get this comprehensive overview and that students were really challenged to think about what they already know about both Cyber Security and Psychology. It gave students who will be starting university courses in the autumn a taster of what university lectures and discussion will be like.
Many thanks to Dr Maria Bada of the Cambridge Cybercrime Centre at the University of Cambridge!