Human Factors
Every large-scale study of cybercrime either concludes or notes that user error is involved in 95 percent or more of all cybercrime events like commercial data breaches and, for all the observers in the field, it is a matter of faith that cybercrime’s success is partly due to the built computing environment conditioning the user to be more easily manipulated by cybercriminals.
From the first year of APWG’s Symposium on Electronic Research in 2006 and every year after, a substantial proportion of the submissions to the review committee addresses human response aspects of cybercrime, even though in that first year, the CFP did not include specific requests for behavioral aspects research.
Many of those papers and the dialogs they’ve provoked, however, have moved APWG to organize important Applied Research programs that have established permanent cybercrime response and prevention resources such as:
- The Phishing Education Landing Page, a redirect system that ISPs can user to shunt users who’ve clicked on links to decommissioned phishing pages to an educational resource page;
- The STOP. THINK. CONNECT. cybersecurity awareness campaign that has been launched as the US government’s own in 2010 and subsequently adopted and launched in more than 20 other nations;
- The National Cyber Resilience Baselining program which would deploy the world’s first national base-lining survey of user resilience to the common cybercrime of phishing to gain insights into behavioral aspects of phishing – and to establish data corpora for university and industry investigators researching the behavioral/cognitive dimensions of cybercrime
The first APWG eCrime research conference in 2006 surprised organizers with the proportion of papers focusing on behavioral aspects of cybercrime, inspiring APWG’s first cybercrime awareness and education programs – all of which are still operating today worldwide
The APWG is working with research centers in Australia, and the United States to deploy the world’s first national base-lining survey of user resilience to the common cybercrime of phishing to gain insights into behavioral aspects of phishing – and to establish data corpora for university and industry investigators researching the behavioral/cognitive dimensions of cybercrime. Principle investigators are adapting techniques from epidemiology to generate data representative of the whole population – not a biased sub-sample. The data generated from this study will help to extend the field, but more importantly, will be shared with system designers to help build more secure tools and better incident response capability.
The Messaging Convention was proposed formally by APWG to its members in 2009. The subsequent STOP. THINK. CONNECT. the campaign was adopted by the US government in 2010. Since then, the campaign has been launched by cabinet ministries and NGOs in another 22 other nations. Today, the STOP. THINK. CONNECT. Messaging Convention manages the campaign’s intellectual property and global footprint development.
APWG’s Phishing Education Landing Page was conceived by Reseachers from Carnegie-Melon University presenting at the APWG 2007 eCrime Conference. The landing page was operational within a few months, now educating each month hundreds of thousands of credulous users who click on links to decommissioned phishing websites – in some 21 languages.