Abstract
The world faces increasing prevalence of cyber threats and cyberattacks despite advancements in technological defences against them. Cyber perpetrators are constantly looking to exploit any vulnerabilities in the computer and network systems, which humans are unfortunately the weakness link. Although they are aware of the threats and know what should be done in order to protect themselves and their organisations, people are still not engaging enough in these cyber hygiene practices. This article consequently attempts to understand human behaviours in cyberspace, providing insights to the reasons for this phenomenon and what can be done to improve it.
TopUnderstanding The Weakest Link In Cyberattacks: Human Behaviours
Cyberattacks can be perpetuated via two means: (1) system-centric approach, where perpetrators exploit the technical vulnerabilities of a computer or network system to conduct an attack, and (2) user-centric approach, where negligence or mistakes of the computer users facilitated the execution of cyberattacks (Neupane, Rahman, Saxena, & Hirshfield, 2015). However, successful cyberattacks in reality are often a result of the latter, in which human errors rather than technological shortcomings are the main cause of concern (Kelly, 2017; Tasman-Jones, 2016). According to Symantec, 97 percent of malware attacks in 2016 targeted people and their poor online behaviours, with only the remaining three percent attributed to actual flaws in the network security system itself (Bennett, 2017).
Key Terms in this Chapter
Optimism Bias: A human tendency where people overestimate the likelihood of good things and underestimate the likelihood of bad things happening onto them.
Cyberattack: A form of cyber threat whereby perpetrators aim to create a backdoor in a computer or network system to gain unauthorised access into these systems.
Cyber Hygiene: Cyber protective behaviours that people engage in whilst on the computer and internet, such as installing and updating anti-virus software.
Social engineering: The psychological manipulation of victims by cyber perpetrators, in order to get victims to divulge sensitive confidential information, or to perform certain actions that help perpetrators to successfully execute their cyberattacks.