Significance of the Human Element in Cybersecurity

Renowned authority in human-technology interactions and Presidential appointee Prof. Missy Cummings of Duke University, spoke to the importance of understanding human motivation and behavior to proactively predict and detect deception. In a very candid and engaging conversation, Prof. Cummings expressed her concern about cybersecurity as a field not receiving the necessary scientific recognition and support. "Cybersecurity is not like changing the oil of your car, it is its own science," she said while discussing the various aspects of cybersecurity knowledge creation and dissemination. She also talks about her class on the Human Element in Cybersecurity and how she draws from various scientific knowledge bases (such as cognitive science, systems theory, game theory, and queuing theory) to provide a rich learning experience.

Time Stamps

00:46

How does your research on human safety in automation and robotics inform cybersecurity research?

04:28

How do human factors such as behavioral traits and motivations influence cybersecurity training effectiveness?

08:46

How do you go about analyzing and measuring unintentional human errors and malicious behavior?

13:29

As educators, what's your opinion on how widespread cybersecurity education should be? Who all should we be reaching out to as educators, as trainers?

17:19

So I worry more about the organizations which are resource-constrained and to what extent they are making those fearless calls of finding the right balance between pursuing their organizational goals and mission without compromising on having a certain level of cybersecurity readiness. Any reactions thoughts to that?

22:21

Cybersecurity is a strategic competency. It's a competency that organizations need to develop, and master over a period of time, if they want to thrive in the years to come. Thoughts reactions?

36:41

I wonder if we need regulations like Sarbanes-Oxley (SOX) Act to get people to comply, organizations to comply with cybersecurity. What do you think?

41:56

What are you trying to instill in students who take your class?

43:11

Besides regulation, what would it take for top management to recognize cybersecurity to be a key issue?

46:08

Any final thoughts?

Memorable Missy Cummings Quotes

"You want to keep your friends close, but your enemies closer."

"If we can figure out how to get in the minds of the people who are doing the deceiving, the hacking, that is another way to mitigate cybersecurity attacks."

"If you can actually develop a good model of a human's engagement in their everyday work practices, you can actually figure out when is the right time to deceive them."

"Cybersecurity is a living process, it's not just a check in the box."

"We're just missing a core recognition at universities that cybersecurity is not like changing the oil of your car, it is its own science."

"A lot of companies are not going to get at least good enough cybersecurity practices unless you force their hand."

"I think the number one change that needs to happen, is for government, industry, and academia to recognize that like COVID, cybersecurity is here to stay. And the longer you keep ignoring it, the worse it's going to get."

"Systems-level thinking and cybersecurity, to me, they're one and the same."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338