Cybersecurity is moving beyond being merely an IT solution to take in the human factor, because humans can make or break a good security system. Social engineering attacks that convince users to click on links that download malware to their computers are an easier way to gain access to a network than more traditional hacking methods.
Researchers at Carnegie Mellon University are focusing on the human aspect of cybersecurity, attempting to build in aspects of human behavior to enhance it. For cybersecurity to work effectively, each individual within an organization must be on board, according to the researchers.
“The human factor is big,” Lorrie Cranor, associate professor of computer science and engineering and public policy at CMU and part of the CyLab program at the university, said. “We all break the rules. We need to understand the humans, understand human decision-making.”
By studying password selection, Cranor has found that the rules used for making passwords might lead to passwords that share common characteristics. Many passwords are between 6 and 8 characters taken from the 26 letters of the alphabet and 20 available symbols. However, while computers are able to generate passwords at random, humans don’t function that way.
“The problem is, humans don’t do that,” Cranor said. “They aren’t random. We try to think about something that makes sense. It turns out we all think kind of similarly, in that respect.”