The average citizen is often unaware of common strategies to protect themselves from cybersecurity threats. Consequently, large numbers of computer users are vulnerable to lapses in security from actions such as choosing weak passwords, clicking on phishing links, opening attachments from unknown senders, ignoring security warnings on devices, and falling victim to social engineering or identity theft. Although there have been many studies on training and educating people on cybersecurity best practices, the fact that these vulnerabilities are still being exploited implies that current training is not effective for all users. The objective of this project is to effectively educate the average user about common cybersecurity threats so that they are not vulnerable to these types of attacks. The project will create new education modules that are personalized to each user, building on the fact that different users have different personalities and may react to threats in different ways. The result could be more cybersecurity-aware citizens, which could reduce the number of "easy" hacks and cyber thefts.
It has already been shown that different models are needed to effectively educate individuals with different personality traits and learning behaviors. There is no "one-size-fits-all" model. The researchers' aims are to 1) increase cybersecurity compliance with schema-matching messages, and 2) develop and evaluate the effectiveness of cybersecurity education modules. The researchers have shown that individual differences in personality traits can be used to predict cybersecurity perceptions and practices. The research will classify personalities through analysis of the language of social media. Personalized cybersecurity education modules will then be developed and evaluated. Users' personalities will be assigned based on the "True Colors" Personality Categories, which are based on the Myers-Briggs personality categories, and the Big Five Personality traits. This personalized education module approach could be applied in other areas such as management, teaching, and safety training. Moreover, users will become more security-aware, which could lead to a reduction in cybersecurity breaches.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.