Cybersecurity
4
Psychology

What "CySec4Psych" is about:

Digitalization affects every aspect of human lives. There are weekly, if not daily news bulletins on major data breaches of small, medium and large enterprises. Studies show that 3 out of 4 SMEs have experienced at least one major cyber attack in the last year (Accenture, 2019). Traditionally, cybersecurity has been viewed as a technical problem, for which software and hardware solutions were key. However, in recent years, the focus has moved from the technical to the human aspect of cyber security. People are more and more considered ‘the weakest link’, or light-heartedly referred to as PEBCAK (problem exists between chair and keyboard). With human error and cyber attacks aimed at individuals rather than machines becoming every-day occurences, there is a strong need to solve cybersecurity issues on this level. Coming from a programming background, computer scientists usually aim to solve these weaknesses in the architecture of software. However, a piece of software can ask for a strong password, but if the employee who needs to create the strong password, writes it down on a post-it that is left on his desk, the ‘improved’ software security is easily becoming obsolete. Instead of trying to solve human problems with technological solutions, or reinventing the wheel, a better solution is to look at existing scientific knowledge and work with experts on human behaviour. Knowledge in the field of psychology can create more effective awareness campaigns, improve compliance with security policies through tried and tested behavioural change interventions, and train people in detecting social cyber attacks through the use of existing knowledge in the cognitive psychology domain. These collaborations lead to improved individual cybersecurity, safer organisations, and a better functioning (international) society. To achieve this, working with psychologists is key as they are trained to describe, understand and solve human behaviour issues. By bringing psychologists into the cybersecurity field, they can apply existing psychological theories and best practices to cybersecurity problems, as well as develop new psychological theories on the specifics of cyberattacks and cyber resilience.

There are three target groups with the following needs:
Students: need new adaptive knowledge and skills in order to be fully prepared for the rapidly changing field of occupational psychology (i.e. about cyber security and respective career paths)
Organizations/Cyber Security practitioners: Need for evidence-based cyber security knowledge from a psychological perspective
Lecturers/Reseachers/Teachers: Need for teaching and training material, overview over current challenges in cyber security, research and training

Hence, the main objectives of the project are:
1. Establish cyber security as a career path for psychology graduates through awareness raising activities
2. Reduce skills gap in cyber security by creating ready-to-use teaching and training concepts, as well as research and training agenda
3. Initiate a network of cyber security psychologists across Europe
4. Develop a set of international state-of-the art modules, addressing educational and labour-market needs.

Given the limited number of psychologists around the world working in cyber security and the vast number of avenues that could be addressed, there is a clear need for working on a project like this without being confined to national borders.