Understanding the cybersecurity grapevine

Daniel Tkacik

Apr 24, 2018

When people get word of an online data breach, men are far more likely to share that news with their colleagues and women are much more likely to share it with family and significant others, CyLab researchers report.

And people who are relatively well-informed about security and privacy risks are more likely to share the news than are people who are less-informed.

These findings, to be presented this week at CHI 2018, the Conference on Human Factors in Computing, in Montreal, Canada, come from a two-year study of almost 2,000 people, who were asked whether they had heard about or shared information following events such as the Panama Papers leak or the Yahoo! email hack.

"One obvious way of disseminating cybersecurity news and best practices is through people's social networks," said CyLab's Jason Hong, associate professor in the Human-Computer Interaction Institute (HCII).

"Security is sort of a solo sport – you only look out for yourself," said lead author Sauvik Das, a Ph.D. alumnus of HCII, now an assistant professor of interactive computing at Georgia Tech. "But our findings suggest that it may be time to make it more of a team sport."

Four types of news events came up over these two years: financial data breaches, high-sensitivity data breaches, corporate data breaches, and politicized or activist cybersecurity. Of those, news about financial data breaches was the most likely type to be shared.

"If you know some of your friends use a certain bank, and then you see news involving a financial data breach with that bank, you'll probably share it with them," Hong said.

 

Security is sort of a solo sport – you only look out for yourself. But our findings suggest that it may be time to make it more of a team sport.

lead author Sauvik Das, Assistant Professor of interactive computing, Georgia Tech

The study is an initial step to improve understanding of how cybersecurity news and information is disseminated within the general population. Once you have a robust understanding of that, Hong explained, you can begin to optimize ways to increase awareness and improve security.

"If you look at all these data breaches, they tend to be fairly basic things. You could have prevented this by using a better password or by using 2-factor authentication," Hong said. "How do we get more of these best practices disseminated among the population so they're more likely to be used?"

Other authors on the study included Social and Decision Sciences student Joanne Lo and HCII associate professor Laura Dabbish.