SlideShare a Scribd company logo

Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior

S
Sauvik Das

I discuss some research that empirically illustrates the connection between social influences and security behaviors. I presented this talk at Enigma 2018.

Science
1 of 46
Download to read offline
SOCIAL CYBERSECURITY Reshaping Security Through An Empirical Understanding of Human Social Behavior Sauvik Das Georgia Tech sauvik@gatech.edu @scyrusk
How can we design systems that encourage better cybersecurity behaviors?
What makes people… …use a PIN on their phone? …enable two-factor authentication? …keep their software updated? …behave “securely”?
“I started using [a PIN] because everyone around me had a [PIN] so I kind of felt a group pressure to also use a [PIN].
“One of my boys wanted to use my phone…so I gave them my passcode. And not that I have anything that I don’t care for them to see or anything, but after they did that then I changed it”
“my friends...have a lot of different accounts, the same as me. But they didn’t get into any trouble. So I think maybe it will not be dangerous [to reuse passwords].”
A lot of it is social. Security behavior, like any human behavior, is largely driven by social influence.
~50% of behaviors were socially driven HACKERS, TOM HACKERS EVERYWHERE
Absent knowledge of how security and social behaviors interact, we have little hope of doing better
Measuring Social Influence In Security Behaviors Improving Security Behaviors with Social Influence Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Making cybersecurity systems more social can encourage better security behaviors.
Social influences strongly affect cybersecurity behaviors, and we can encourage better behaviors by designing more social cybersecurity systems.
Measuring Social Influence In Security Behaviors Improving Security Behaviors with Social Influence
MEASURING SOCIAL INFLUENCE IN SECURITY BEHAVIORS Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. The Role of Social Influence in Security Feature Adoption. Proc. CSCW’15.
Login Notifications Login Approvals Trusted Contacts Analyzed how the (non)-use of three optional security tools was affected by friends' use of those tools for 1.5 million Facebook user's social networks. Standard Social
DATA COLLECTED 750k 750kusers who newly adopted one of the aforementioned security tools. “use-nots” who had not adopted one of the aforementioned security tools.
Users Use-nots Social influence?
MATCHED PROPENSITY SAMPLING For each exposure level, compare adoption rate of those who are exposed versus those who are not. This is the effect of social influence. For a given security tool, empirically select exposure levels to friends who use that tool. e.g., 1%, 5%, 10%... Aral, S, Muchnik, L., and Sundarajan, A. Distinguishing influence-based contagion from homophily-driven diffusion in dynamic networks. PNAS 106 (51). 2009.
0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool
0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect
0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect
0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts
-50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts Login Approvals
-50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts Login Approvals Login Notifications What’s going on here?
DISAFFILIATION e.g., teenagers who dislike facebook because parents now use it
Early adopters of some security tools can be perceived as “paranoid” or ”nutty”, and, in turn, stigmatize the use of those security tools.
-50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 All effects go up and to the right. More exposure is good! GOOD NEWS
-50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 The design of a security tool affects its potential for social spread. GOOD NEWS
Observability Cooperation Stewardship
Measuring Social Influence In Security Behaviors Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Improving Security Behaviors with Social Influence
IMPROVING SECURITY BEHAVIORS WITH SOCIAL INFLUENCE Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. Proc. CCS’14.
Randomized experiment with 50,000 Facebook users.
8 conditions: 7 social + 1 non-social control 6250 randomly assigned participants per condition Experiment ran for 3 days
MEASURES CTR 7d 5mo adoptions adoptions(click through rate)
46,235 (93%) logged in and saw announcement 5,971 (13%) clicked on an announcement 1,873 (4%) adopted one of the promoted tools within 7 days 4,555 (10%) adopted one of the promoted tools within 5 months DESCRIPTIVE STATS
8 9 10 11 12 13 14 15 Raw # Some Over # Only # Over % Only % Raw % Control 7d adoptions 5m adoptions Click-through rate Raw # vs Control 1.36x improvement in CTR 1.10x improvement in adoptions
Measuring Social Influence In Security Behaviors Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Improving Security Behaviors with Social Influence Making cybersecurity systems more social can encourage better security behaviors.
How can we design systems that encourage better cybersecurity behaviors?
Observable Cooperative Stewarded There is a fruitful but largely untapped opportunity to improve cybersecurity behaviors by making social systems that are more:
How can we make it easier for people to observe and emulate good security behaviors? OBSERVABLE
How can we design additive security systems that make group security a sum instead of a min function? COOPERATIVE
How can we design systems that allow people to act on their concern for the security of their loved ones? STEWARDED
Social influences strongly affect cybersecurity behaviors, and we can encourage better behaviors by designing more social cybersecurity systems. SOCIAL CYBERSECURITY Reshaping Security Through An Empirical Understanding of Human Social Behavior Sauvik Das Georgia Tech sauvik@gatech.edu @scyrusk

Recommended

How to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlogHow to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlog
ITrust - Cybersecurity as a Service
 
Predictive Risk
Predictive RiskPredictive Risk
Predictive Risklnbj50
 
Srikanth
SrikanthSrikanth
Srikanthkondalarao7
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
EC-Council
 
Wannacry or learn?
Wannacry or learn?Wannacry or learn?
Wannacry or learn?
dan hyde
 
Agentless Patch Management for the Data Center
Agentless Patch Management for the Data CenterAgentless Patch Management for the Data Center
Agentless Patch Management for the Data Center
Ivanti
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Kymberlee Price
 
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malwareDigital Pymes
 

Recommended

How to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlogHow to cure yourself of antivirus side effects @ReveeliumBlog
How to cure yourself of antivirus side effects @ReveeliumBlog
ITrust - Cybersecurity as a Service
 
Predictive Risk
Predictive RiskPredictive Risk
Predictive Risklnbj50
 
Srikanth
SrikanthSrikanth
Srikanthkondalarao7
 
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
Security Metrics Rehab: Breaking Free from Top ‘X’ Lists, Cultivating Organic...
EC-Council
 
Wannacry or learn?
Wannacry or learn?Wannacry or learn?
Wannacry or learn?
dan hyde
 
Agentless Patch Management for the Data Center
Agentless Patch Management for the Data CenterAgentless Patch Management for the Data Center
Agentless Patch Management for the Data Center
Ivanti
 
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Vulnerability Management Nirvana - Seattle Agora - 18Mar16
Kymberlee Price
 
12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malware12102 vipre business-protecting-against-the-new-wave-of-malware
12102 vipre business-protecting-against-the-new-wave-of-malwareDigital Pymes
 
The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015
Jason Hong
 
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Jason Hong
 
CHI abstract camera ready
CHI abstract camera readyCHI abstract camera ready
CHI abstract camera readyMark Sinclair
 
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Elissa Redmiles
 
Detection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social NetworkDetection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social Network
IRJET Journal
 
Ponemon Institute Research Report
Ponemon Institute Research ReportPonemon Institute Research Report
Ponemon Institute Research Report
Peter Tutty
 
Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity
Casey Lucas
 
NetSafety w/ Anne Collier
NetSafety w/ Anne CollierNetSafety w/ Anne Collier
NetSafety w/ Anne Collier
Bernajean Porter
 
Online Safety 3.0
Online Safety 3.0Online Safety 3.0
Online Safety 3.0
Anne Collier
 
NSBA2010
NSBA2010NSBA2010
NSBA2010
Anne Collier
 
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Shakas Technologies
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of Sonatype
Contrast Security
 
204
204204
204
vivatechijri
 
Poster_final
Poster_finalPoster_final
Poster_finalRushil Goyal
 
final campaign
final campaignfinal campaign
final campaignJennifer Daniel
 
SkinnerJ_FinalPaper
SkinnerJ_FinalPaperSkinnerJ_FinalPaper
SkinnerJ_FinalPaperJake Skinner
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
Ann Johnson
 
Pirc net poster
Pirc net posterPirc net poster
Pirc net posterUC San Diego
 
How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness
mark-smith
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
OpenDNS
 
Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023
Sauvik Das
 
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Sauvik Das
 

More Related Content

Similar to Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior

The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015
Jason Hong
 
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Jason Hong
 
CHI abstract camera ready
CHI abstract camera readyCHI abstract camera ready
CHI abstract camera readyMark Sinclair
 
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Elissa Redmiles
 
Detection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social NetworkDetection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social Network
IRJET Journal
 
Ponemon Institute Research Report
Ponemon Institute Research ReportPonemon Institute Research Report
Ponemon Institute Research Report
Peter Tutty
 
Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity
Casey Lucas
 
NetSafety w/ Anne Collier
NetSafety w/ Anne CollierNetSafety w/ Anne Collier
NetSafety w/ Anne Collier
Bernajean Porter
 
Online Safety 3.0
Online Safety 3.0Online Safety 3.0
Online Safety 3.0
Anne Collier
 
NSBA2010
NSBA2010NSBA2010
NSBA2010
Anne Collier
 
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Shakas Technologies
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of Sonatype
Contrast Security
 
204
204204
204
vivatechijri
 
SkinnerJ_FinalPaper
SkinnerJ_FinalPaperSkinnerJ_FinalPaper
SkinnerJ_FinalPaperJake Skinner
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
Ann Johnson
 
How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness
mark-smith
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
OpenDNS
 

Similar to Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior (20)

The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015The Role of Social Influence In Security Feature Adoption, at CSCW 2015
The Role of Social Influence In Security Feature Adoption, at CSCW 2015
 
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
Increasing Security Sensitivity With Social Proof: A Large-Scale Experimenta...
 
CHI abstract camera ready
CHI abstract camera readyCHI abstract camera ready
CHI abstract camera ready
 
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
Learning from the People: Responsibly Encouraging Adoption of Contact Tracing...
 
Detection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social NetworkDetection and Minimization Influence of Rumor in Social Network
Detection and Minimization Influence of Rumor in Social Network
 
Ponemon Institute Research Report
Ponemon Institute Research ReportPonemon Institute Research Report
Ponemon Institute Research Report
 
Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity Insightful Research: The State of Mobile Application Insecurity
Insightful Research: The State of Mobile Application Insecurity
 
NetSafety w/ Anne Collier
NetSafety w/ Anne CollierNetSafety w/ Anne Collier
NetSafety w/ Anne Collier
 
Online Safety 3.0
Online Safety 3.0Online Safety 3.0
Online Safety 3.0
 
NSBA2010
NSBA2010NSBA2010
NSBA2010
 
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
Mitigating Influence of Disinformation Propagation Using Uncertainty-Based Op...
 
Episode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of SonatypeEpisode Four: Wayne Jackson of Sonatype
Episode Four: Wayne Jackson of Sonatype
 
204
204204
204
 
Poster_final
Poster_finalPoster_final
Poster_final
 
final campaign
final campaignfinal campaign
final campaign
 
SkinnerJ_FinalPaper
SkinnerJ_FinalPaperSkinnerJ_FinalPaper
SkinnerJ_FinalPaper
 
Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...Surveillance Systems And Studies That Should Be...
Surveillance Systems And Studies That Should Be...
 
Pirc net poster
Pirc net posterPirc net poster
Pirc net poster
 
How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness How to Make People Click on a Dangerous Link Despite their Security Awareness
How to Make People Click on a Dangerous Link Despite their Security Awareness
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
 

More from Sauvik Das

Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023
Sauvik Das
 
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Sauvik Das
 
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
Sauvik Das
 
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
Sauvik Das
 
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
Sauvik Das
 
Examining Game World Topology Personalization
Examining Game World Topology PersonalizationExamining Game World Topology Personalization
Examining Game World Topology Personalization
Sauvik Das
 
Revival Actions in a Shooter Game
Revival Actions in a Shooter GameRevival Actions in a Shooter Game
Revival Actions in a Shooter Game
Sauvik Das
 
Self-Censorship on Facebook
Self-Censorship on FacebookSelf-Censorship on Facebook
Self-Censorship on Facebook
Sauvik Das
 

More from Sauvik Das (8)

Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023Privacy for the People | HCIC 2023
Privacy for the People | HCIC 2023
 
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secre...
 
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
Epistenet: Facilitating Programmatic Access & Processing of Semantically Rela...
 
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
A Market In Your Social Network: The Effect of Extrinsic Rewards on Friendsou...
 
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
Testing Computer-Assisted Mnemonics and Feedback for Fast Memorization of Hig...
 
Examining Game World Topology Personalization
Examining Game World Topology PersonalizationExamining Game World Topology Personalization
Examining Game World Topology Personalization
 
Revival Actions in a Shooter Game
Revival Actions in a Shooter GameRevival Actions in a Shooter Game
Revival Actions in a Shooter Game
 
Self-Censorship on Facebook
Self-Censorship on FacebookSelf-Censorship on Facebook
Self-Censorship on Facebook
 

Recently uploaded

Deep Software Variability and Frictionless Reproducibility
Deep Software Variability and Frictionless ReproducibilityDeep Software Variability and Frictionless Reproducibility
Deep Software Variability and Frictionless Reproducibility
University of Rennes, INSA Rennes, Inria/IRISA, CNRS
 
bordetella pertussis.................................ppt
bordetella pertussis.................................pptbordetella pertussis.................................ppt
bordetella pertussis.................................ppt
kejapriya1
 
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
yqqaatn0
 
Toxic effects of heavy metals : Lead and Arsenic
Toxic effects of heavy metals : Lead and ArsenicToxic effects of heavy metals : Lead and Arsenic
Toxic effects of heavy metals : Lead and Arsenic
sanjana502982
 
platelets_clotting_biogenesis.clot retractionpptx
platelets_clotting_biogenesis.clot retractionpptxplatelets_clotting_biogenesis.clot retractionpptx
platelets_clotting_biogenesis.clot retractionpptx
muralinath2
 
20240520 Planning a Circuit Simulator in JavaScript.pptx
20240520 Planning a Circuit Simulator in JavaScript.pptx20240520 Planning a Circuit Simulator in JavaScript.pptx
20240520 Planning a Circuit Simulator in JavaScript.pptx
Sharon Liu
 
Nucleic Acid-its structural and functional complexity.
Nucleic Acid-its structural and functional complexity.Nucleic Acid-its structural and functional complexity.
Nucleic Acid-its structural and functional complexity.
Nistarini College, Purulia (W.B) India
 
Seminar of U.V. Spectroscopy by SAMIR PANDA
Seminar of U.V. Spectroscopy by SAMIR PANDA Seminar of U.V. Spectroscopy by SAMIR PANDA
Seminar of U.V. Spectroscopy by SAMIR PANDA
SAMIR PANDA
 
Nutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technologyNutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technology
Lokesh Patil
 
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
yqqaatn0
 
Phenomics assisted breeding in crop improvement
Phenomics assisted breeding in crop improvementPhenomics assisted breeding in crop improvement
Phenomics assisted breeding in crop improvement
IshaGoswami9
 
Lateral Ventricles.pdf very easy good diagrams comprehensive
Lateral Ventricles.pdf very easy good diagrams comprehensiveLateral Ventricles.pdf very easy good diagrams comprehensive
Lateral Ventricles.pdf very easy good diagrams comprehensive
silvermistyshot
 
DMARDs Pharmacolgy Pharm D 5th Semester.pdf
DMARDs Pharmacolgy Pharm D 5th Semester.pdfDMARDs Pharmacolgy Pharm D 5th Semester.pdf
DMARDs Pharmacolgy Pharm D 5th Semester.pdf
fafyfskhan251kmf
 
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
Travis Hills MN
 
Red blood cells- genesis-maturation.pptx
Red blood cells- genesis-maturation.pptxRed blood cells- genesis-maturation.pptx
Red blood cells- genesis-maturation.pptx
muralinath2
 
Shallowest Oil Discovery of Turkiye.pptx
Shallowest Oil Discovery of Turkiye.pptxShallowest Oil Discovery of Turkiye.pptx
Shallowest Oil Discovery of Turkiye.pptx
Gokturk Mehmet Dilci
 
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
University of Maribor
 
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Sérgio Sacani
 
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốtmô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
HongcNguyn6
 
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptxThe use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
MAGOTI ERNEST
 

Recently uploaded (20)

Deep Software Variability and Frictionless Reproducibility
Deep Software Variability and Frictionless ReproducibilityDeep Software Variability and Frictionless Reproducibility
Deep Software Variability and Frictionless Reproducibility
 
bordetella pertussis.................................ppt
bordetella pertussis.................................pptbordetella pertussis.................................ppt
bordetella pertussis.................................ppt
 
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
原版制作(carleton毕业证书)卡尔顿大学毕业证硕士文凭原版一模一样
 
Toxic effects of heavy metals : Lead and Arsenic
Toxic effects of heavy metals : Lead and ArsenicToxic effects of heavy metals : Lead and Arsenic
Toxic effects of heavy metals : Lead and Arsenic
 
platelets_clotting_biogenesis.clot retractionpptx
platelets_clotting_biogenesis.clot retractionpptxplatelets_clotting_biogenesis.clot retractionpptx
platelets_clotting_biogenesis.clot retractionpptx
 
20240520 Planning a Circuit Simulator in JavaScript.pptx
20240520 Planning a Circuit Simulator in JavaScript.pptx20240520 Planning a Circuit Simulator in JavaScript.pptx
20240520 Planning a Circuit Simulator in JavaScript.pptx
 
Nucleic Acid-its structural and functional complexity.
Nucleic Acid-its structural and functional complexity.Nucleic Acid-its structural and functional complexity.
Nucleic Acid-its structural and functional complexity.
 
Seminar of U.V. Spectroscopy by SAMIR PANDA
Seminar of U.V. Spectroscopy by SAMIR PANDA Seminar of U.V. Spectroscopy by SAMIR PANDA
Seminar of U.V. Spectroscopy by SAMIR PANDA
 
Nutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technologyNutraceutical market, scope and growth: Herbal drug technology
Nutraceutical market, scope and growth: Herbal drug technology
 
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
如何办理(uvic毕业证书)维多利亚大学毕业证本科学位证书原版一模一样
 
Phenomics assisted breeding in crop improvement
Phenomics assisted breeding in crop improvementPhenomics assisted breeding in crop improvement
Phenomics assisted breeding in crop improvement
 
Lateral Ventricles.pdf very easy good diagrams comprehensive
Lateral Ventricles.pdf very easy good diagrams comprehensiveLateral Ventricles.pdf very easy good diagrams comprehensive
Lateral Ventricles.pdf very easy good diagrams comprehensive
 
DMARDs Pharmacolgy Pharm D 5th Semester.pdf
DMARDs Pharmacolgy Pharm D 5th Semester.pdfDMARDs Pharmacolgy Pharm D 5th Semester.pdf
DMARDs Pharmacolgy Pharm D 5th Semester.pdf
 
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
Travis Hills' Endeavors in Minnesota: Fostering Environmental and Economic Pr...
 
Red blood cells- genesis-maturation.pptx
Red blood cells- genesis-maturation.pptxRed blood cells- genesis-maturation.pptx
Red blood cells- genesis-maturation.pptx
 
Shallowest Oil Discovery of Turkiye.pptx
Shallowest Oil Discovery of Turkiye.pptxShallowest Oil Discovery of Turkiye.pptx
Shallowest Oil Discovery of Turkiye.pptx
 
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
Comparing Evolved Extractive Text Summary Scores of Bidirectional Encoder Rep...
 
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...
 
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốtmô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
mô tả các thí nghiệm về đánh giá tác động dòng khí hóa sau đốt
 
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptxThe use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
The use of Nauplii and metanauplii artemia in aquaculture (brine shrimp).pptx
 

Social Cybersecurity: Reshaping Security Through An Empirical Understanding of Human Social Behavior

  • 1. SOCIAL CYBERSECURITY Reshaping Security Through An Empirical Understanding of Human Social Behavior Sauvik Das Georgia Tech sauvik@gatech.edu @scyrusk
  • 2. How can we design systems that encourage better cybersecurity behaviors?
  • 3.
  • 4. What makes people… …use a PIN on their phone? …enable two-factor authentication? …keep their software updated? …behave “securely”?
  • 5. “I started using [a PIN] because everyone around me had a [PIN] so I kind of felt a group pressure to also use a [PIN].
  • 6. “One of my boys wanted to use my phone…so I gave them my passcode. And not that I have anything that I don’t care for them to see or anything, but after they did that then I changed it”
  • 7. “my friends...have a lot of different accounts, the same as me. But they didn’t get into any trouble. So I think maybe it will not be dangerous [to reuse passwords].”
  • 8. A lot of it is social. Security behavior, like any human behavior, is largely driven by social influence.
  • 9. ~50% of behaviors were socially driven HACKERS, TOM HACKERS EVERYWHERE
  • 10. Absent knowledge of how security and social behaviors interact, we have little hope of doing better
  • 11. Measuring Social Influence In Security Behaviors Improving Security Behaviors with Social Influence Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Making cybersecurity systems more social can encourage better security behaviors.
  • 12. Social influences strongly affect cybersecurity behaviors, and we can encourage better behaviors by designing more social cybersecurity systems.
  • 13. Measuring Social Influence In Security Behaviors Improving Security Behaviors with Social Influence
  • 14. MEASURING SOCIAL INFLUENCE IN SECURITY BEHAVIORS Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. The Role of Social Influence in Security Feature Adoption. Proc. CSCW’15.
  • 15. Login Notifications Login Approvals Trusted Contacts Analyzed how the (non)-use of three optional security tools was affected by friends' use of those tools for 1.5 million Facebook user's social networks. Standard Social
  • 16. DATA COLLECTED 750k 750kusers who newly adopted one of the aforementioned security tools. “use-nots” who had not adopted one of the aforementioned security tools.
  • 18. MATCHED PROPENSITY SAMPLING For each exposure level, compare adoption rate of those who are exposed versus those who are not. This is the effect of social influence. For a given security tool, empirically select exposure levels to friends who use that tool. e.g., 1%, 5%, 10%... Aral, S, Muchnik, L., and Sundarajan, A. Distinguishing influence-based contagion from homophily-driven diffusion in dynamic networks. PNAS 106 (51). 2009.
  • 19. 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool
  • 20. 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect
  • 21. 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect
  • 22. 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts
  • 23. -50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts Login Approvals
  • 24. -50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 DifferenceinAdoptionRate Exposure to friends who use given security tool No effect Expected effect Trusted Contacts Login Approvals Login Notifications What’s going on here?
  • 25. DISAFFILIATION e.g., teenagers who dislike facebook because parents now use it
  • 26. Early adopters of some security tools can be perceived as “paranoid” or ”nutty”, and, in turn, stigmatize the use of those security tools.
  • 27. -50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 All effects go up and to the right. More exposure is good! GOOD NEWS
  • 28. -50 -40 -30 -20 -10 0 10 20 30 40 50 E1 E2 E3 E4 E5 The design of a security tool affects its potential for social spread. GOOD NEWS
  • 30. Measuring Social Influence In Security Behaviors Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Improving Security Behaviors with Social Influence
  • 31. IMPROVING SECURITY BEHAVIORS WITH SOCIAL INFLUENCE Das, S., Kramer, A., Dabbish, L., and Hong, Jason I. Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation. Proc. CCS’14.
  • 32. Randomized experiment with 50,000 Facebook users.
  • 33.
  • 34.
  • 35.
  • 36. 8 conditions: 7 social + 1 non-social control 6250 randomly assigned participants per condition Experiment ran for 3 days
  • 37. MEASURES CTR 7d 5mo adoptions adoptions(click through rate)
  • 38. 46,235 (93%) logged in and saw announcement 5,971 (13%) clicked on an announcement 1,873 (4%) adopted one of the promoted tools within 7 days 4,555 (10%) adopted one of the promoted tools within 5 months DESCRIPTIVE STATS
  • 39. 8 9 10 11 12 13 14 15 Raw # Some Over # Only # Over % Only % Raw % Control 7d adoptions 5m adoptions Click-through rate Raw # vs Control 1.36x improvement in CTR 1.10x improvement in adoptions
  • 40. Measuring Social Influence In Security Behaviors Social influence strongly affects security behaviors, and this effect is contingent upon the design of a security tool affects its potential for social spread. Improving Security Behaviors with Social Influence Making cybersecurity systems more social can encourage better security behaviors.
  • 41. How can we design systems that encourage better cybersecurity behaviors?
  • 42. Observable Cooperative Stewarded There is a fruitful but largely untapped opportunity to improve cybersecurity behaviors by making social systems that are more:
  • 43. How can we make it easier for people to observe and emulate good security behaviors? OBSERVABLE
  • 44. How can we design additive security systems that make group security a sum instead of a min function? COOPERATIVE
  • 45. How can we design systems that allow people to act on their concern for the security of their loved ones? STEWARDED
  • 46. Social influences strongly affect cybersecurity behaviors, and we can encourage better behaviors by designing more social cybersecurity systems. SOCIAL CYBERSECURITY Reshaping Security Through An Empirical Understanding of Human Social Behavior Sauvik Das Georgia Tech sauvik@gatech.edu @scyrusk