Human-centred cybersecurity - essential for appropriate cybersecurity measures

In cybersecurity, the human-centric perspective emphasises the complex interaction between individuals and technology. It goes beyond traditional technical solutions and examines how people understand, interact with, use or misuse cybersecurity. It includes analysing the societal, economic and political implications of cybersecurity and their mutual impact.

One example is the use of IoT technologies in the home and how human-centred cybersecurity goes beyond technical authentication or user interfaces and seeks to understand different groups using the technology in depth and assess the security risks each person faces if the technology is compromised or misused.

Why are human aspects important in cybersecurity?

-Traditionally, humans have been considered the weakest link in cybersecurity because of the difficulty in constraining human behaviour within predefined boundaries. "Humans are unpredictable, and a technology-centric approach that tries to constrain their behaviour can lead to ineffective results," says Asreen Rostami, a researcher at RISE.

Research in human-computer interaction and cyber security

Asreen shares insights from her research in human-computer interaction (HCI), particularly focused on extended reality (XR) and human-centred cybersecurity. By examining user groups' perceptions, reactions and responses to cybersecurity incidents, the research aims to increase understanding from different perspectives, including female viewpoints.

With the increasing complexity of hybrid threats and new technologies, Asreen emphasises the importance of integrating human aspects into cybersecurity. This includes understanding users' needs and experiences to design effective and ethical cybersecurity solutions.

Motives behind human hacking

One of the research studies examined the motivation behind users hacking their own devices. It was found that users sometimes take matters into their own hands when they experience limitations in the functionality of the technology, which has happened in both the diabetes and sleep apnoea patient groups. By understanding these motivations, we can better adapt the technology to users' needs and avoid potential security risks.

The examples of user hacking illustrate the conflict between the different interests of users and companies or designers. Social initiatives can result in creative solutions, but they rely on technical know-how and may lack the scrutiny that experts can provide. Lack of security review can lead to cybersecurity threats and put users' health and lives at risk.

User experience and psychological effects

Another study investigated by Asreen focused on users' experiences of hacked, or suspected hacks, of home IoT systems. One conclusion was that users often questioned whether they had been hacked, who the perpetrator was, and why they had been targeted. For example, a common brand of household smart light bulbs displayed error conditions by blinking without notifying users. This created confusion and concern among users, who assumed they were hacked. The phenomenon of 'non-hack hacks' can have profound psychological impacts, including paranoia and 'cybernoia', emphasising the need to consider cybersecurity from a holistic perspective.

Current research projects at RISE

Asreen is currently engaged in several research projects in human-centred cybersecurity. These include redesigning security strategies for indoor security cameras, analysing cybersecurity incidents in different sectors to find insights that can influence future security practices, and investigating privacy and security issues in co-located remote XR interactions.

PThese projects aim to bring together technical and human aspects of cybersecurity to create robust and adaptable security measures. By exploring the complex relationships between technology and people, the research contributes to the development of sustainable cybersecurity solutions.

Want to know more?

To read more about Asreen's research and projects, visit her profile Asreen Rostami, Senior Researcher | RISE or read more here:

• XR Horizons: Unravelling Multi-User Interaction, Multisensory Experiences, and Ethical Considerations in the Realm of Spatial Computing
• Why Users Hack: Conflicting Interests and the Political Economy of Software
• Being Hacked: Understanding Victims' Experiences of IoT Hacking
• Understanding real-world cybersecurity incident responses in Sweden