PSYC FPX 4210 Assessment 2 Research Methodologies

PSYC FPX 4210 Assessment 2 Research Methodologies

Student Name

Capella University

PSYC FPX 4210 Cyberpsychology

Prof. Name:

Date

Abstract

Cybersecurity breaches are a prevalent issue in today’s society, significantly affecting organizations and industries that are under constant pressure to protect confidential information. As the world becomes more interconnected through technology, facilitating rapid and frequent communication and collaboration, it also becomes increasingly susceptible to severe cyber-attacks. The complex nature of cybercrime has led to extensive research into human-computer interactions and their interrelated dynamics. Human errors and insufficient training often indirectly contribute to the prevalence of cybercrime. Various researchers have proposed strategies to address cybersecurity vulnerabilities, including serious gamification and the development of habitual behaviors. This paper will review two distinct research articles and methodologies that focus on human attributes and behaviors related to cybersecurity training.

Introduction

The rapid advancement of technology and the integration of humans into the virtual realm of cyberspace have given rise to the expanding field of cyberpsychology, with 58% of the global population now using the internet (Clement, 2019). The intersection of emerging technologies and human-computer interaction has sparked considerable interest among researchers in cyberpsychology as a distinct discipline. Cyberpsychology is defined as the study of the psychological processes associated with and underlying all aspects of technologically mediated human behavior (Atrill et al., 2019). This field also encompasses the psychological implications of cyborgs, artificial intelligence, and virtual reality. Cyberpsychology examines how individuals utilize technology to engage in cyberspace and the effects of these interactions on their real-world lives. The interdisciplinary nature of cyberpsychology encompasses a variety of theoretical perspectives and applications in technology, which continue to evolve across different domains, including education, healthcare, workforce, and security. Statistical and theoretical research in this area primarily focuses on internet usage (Ancis, 2020). The advent of smartphones and smart devices has fostered a profound and ongoing impact on human behavior and perception.

Psychological Perspectives in Cybersecurity

Exploring the psychological dimensions of the cyber realm reveals significant insights into cybercrime and cybersecurity. Human vulnerability in the digital landscape is closely tied to cybersecurity, which affects every aspect of daily life. This issue is critical for consumers, industries, and governments alike (Norman, 2017), especially as technology evolves. Security breaches and the compromise of personal information are pressing concerns within cybersecurity. The concepts of privacy and security have been integral to society from ancient times to the present (Norman, 2017). As reliance on computers and online activities increases, so does susceptibility to cybercrime, with hacking being a prominent threat. Hackers can potentially access a wide range of personal and organizational data (Zengerlie & Casella, 2015). Social networking platforms, corporate websites, and online gaming sites provide extensive opportunities for hackers.

In addition to hackers, information technology professionals and end-users play crucial roles in cybersecurity. IT specialists, particularly those focused on securing business operations in government and defense sectors, are tasked with safeguarding electronic information repositories from theft and corruption (Norman, 2017). They are responsible for detecting, analyzing, identifying, and preventing hacker attacks. Psychologists contribute significantly by identifying hacker behaviors and predicting individual actions through the study of social norms. By collaborating with IT engineers, psychologists can help develop a global security system that monitors hacker activities online for potential threats.

Organizations and researchers are actively creating strategies to raise awareness and provide training for employees and the general public regarding effective cybersecurity practices. A lack of awareness about the detrimental effects of compromised security is a major factor contributing to cybercrime. Users’ perceptions of technology and their trust in it are directly linked to their online behaviors (Ho et al., 2010). Human-computer interactions are often taken for granted, and various psychological biases and risky behaviors can make individuals easy targets for cybercrime. This paper will examine current research that emphasizes the importance of cybersecurity training through serious games and a study on the subjective experience of habit formation in cybersecurity.

Analysis 1: Successful Gamification of Cybersecurity Training

This study explores whether a serious game, designed based on findings from previous research and best practices, can enhance participant scores on the Theory of Planned Behavior (Ajzen, 1991). Steen and Deeleman (2021) highlight the necessity of training to improve adherence to cybersecurity protocols. They discuss behavioral components that can enhance cybersecurity awareness and training efforts. This research approaches cybersecurity training from a gamification perspective, involving 258 participants recruited through snowball sampling. A link to the cybersecurity game was disseminated via Facebook, Instagram, and email.

This study demonstrates that serious games can have a positive impact on self-reported scores related to the Theory of Planned Behavior (TPB). Simply providing individuals with information and awareness is insufficient to instigate change. The findings indicated that participants who engaged with cybersecurity games reported higher scores in attitudes, perceived behavioral control, intentions, and actual behavior compared to those who played non-cybersecurity games. After playing the games, participants completed the TPB questionnaire. While the significant effects of the game condition on attitudes, subjective norms, and perceived behavioral control and intentions met expectations, the notable impact on behavior was unexpected, suggesting that other factors may have influenced the results. Overall, the study explores the potential of serious gamification in enhancing cybersecurity training.

Analysis 2: Exploring Workers’ Subjective Experiences of Habit Formation in Cybersecurity: A Qualitative Survey

This study investigates cybersecurity within the workplace and examines employees’ subjective experiences regarding habit formation, aiming to foster positive habits. The research addresses the gap between understanding cybersecurity and habit formation to promote best practices. Participants were selected from various fields within their organizations, ranging from skilled professionals to self-employed individuals. This exploratory qualitative online survey was conducted using Qualtrics, with data collected online. Cybersecurity behaviors were coded, and responses to open-ended questions were analyzed through inductive thematic analysis using ATLAS. Codes were assigned based on expressed sentiments, and a series of authors coded the responses in subsets.

The interpretation and categorization of statements were checked for consistency. The analysis of open-ended questions revealed key themes, including habit formation, habit cultivation, and organizational influences. A total of 195 participants were recruited for the study, with 53% being female, aged 18 to 66, a standard deviation of 10.24, and a median age of 36. All participants were based in the UK, limiting the study to a single demographic. Although the study was conducted online, the sample size of 195 participants represents only a small segment of the population. Additionally, ethical concerns arise regarding the difficulty of verifying the authenticity of participants. The findings may not provide practical insights for implementing cybersecurity measures; however, they support the notion that habit-based interventions could be effective in fostering cybersecurity behaviors in the workplace. The questionnaire utilized in this study included open-ended questions about cybersecurity behavior, but there was no control group or control questions regarding general behavior and habit formation related to non-cybersecurity games (Hochheiser et al., 2017).

Critique and Recommendations

Social Identity Theory can be employed to identify commonalities among employees and organizations that are vulnerable to cyberattacks. The overarching goal of these two studies is to investigate and present the impacts on the general population and the human aspects of cybersecurity. Cybersecurity is heavily influenced by end-users’ attitudes and experiences, which shape their behavioral responses (Alhayani et al., 2021). Additionally, there is a need for a transdisciplinary approach that brings together psychologists and IT professionals to enhance cybersecurity awareness. Understanding cybersecurity fears and threats is crucial for promoting proactive and defensive security behaviors among the general public. According to Social Identity Theory, proposed by Tajfel and Turner, group members share common goals to maintain group cohesion and adhere to shared norms (Tajfel & Turner, 2004). Recognizing our shared social identity as potential cyber victims can foster collective efforts toward cybersecurity behavior formation.

A key aspect of Social Identity Theory suggests that individuals strive to achieve and maintain a sense of positive distinctiveness within their group membership (Tajfel & Turner, 2004). The desire to view in-groups favorably aligns with self-esteem perspectives, and distinctiveness serves a functional purpose. Social Identity Theory predicts that group members’ responses to threats to their distinctiveness depend on their level of identification with the group’s relevance (Spears et al., 1997). Research indicates that when individuals face threats to their distinctiveness, they report greater support for policies aimed at preserving in-group distinctiveness by distancing themselves from the relevant out-group (Branscombe et al., 1993). Similarly, in organizations where employees identify as members of a group facing cyberattack threats, they are likely to exhibit heightened awareness of distinctiveness threats from out-groups, such as hackers, and will support policies that enhance cybersecurity. The goal of cybersecurity is to maintain in-group distinctiveness by taking proactive measures to defend against cyberattacks.

PSYC FPX 4210 Assessment 2 Research Methodologies

Besides that, the participants were drawn from diverse sources, which indicates a lack of in-group membership identity, resulting in lower scores for subjective norms. The formation of best practice habits and behavior development in end-users for cybersecurity can be understood through Albert Bandura’s Social Learning Theory. In the subsequent article by Collins and Hinds (2021), the exploration of workers’ subjective experiences regarding habit formation in cybersecurity is presented through a qualitative survey. The results reveal overarching themes based on participants’ responses, including the unintentional or unconscious formation of habits, the conscious cultivation of habits, and the potential effectiveness of habit-based interventions in promoting cybersecurity behaviors at work.

According to Social Learning Theory, behaviors are acquired through experiences (Bandura, 1977). This theory underscores the significance of observing, modeling, and imitating the behaviors, attitudes, and emotional responses of others. It elucidates the environmental and cognitive factors that significantly influence human learning and behavior. The qualitative survey conducted by Collins and Hinds (2021) provides insights that can be redirected for future research based on Bandura’s Social Learning Theory, which encompasses the intentional and vicarious cultivation and maintenance of habits, as well as encouragement through social and organizational influences (McLeod, 2016).

Learning behaviors in the context of cybersecurity, particularly as a defense mechanism and preparation against attacks, is crucial. Therefore, it is essential to develop strategies that motivate employees and the general public to proactively train against cybercrime. Psychologists collaborate with IT professionals to foster and develop cybersecurity behaviors, creating software grounded in learning theories to enhance awareness and consciousness regarding cybercrime. For instance, the Zero Trust Architecture from Palo Alto Networks adopts a strategic approach to cybersecurity that eliminates implicit trust and continuously validates every stage of digital interactions (Palo Alto Networks, 2022). This framework is designed to safeguard and facilitate digital transformation by employing various commands and enforcing least access policies. Training end-users and motivating individuals to cultivate cybersecurity habits are vital for effective cybersecurity.

However, Social Learning Theory posits that criminal behavior arises from various factors, including social control, industrialization, learning, and psychopathologies, which can entice cybercriminals to engage in such activities (Rogers et al., 2006). To counteract the deviant behaviors associated with cybercrime and the manipulative tactics of cybercriminals, psychologists and IT professionals must address deficiencies in human behaviors that lead to errors. According to Durbin (2022), human failures in cybersecurity breaches often stem from cognitive biases. As end-users, humans represent the weakest link in cybersecurity, and cybercriminals continuously seek opportunities to exploit these vulnerabilities. The findings from the first article on serious gamification highlight the role of ego depletion, indicating that the limited supply of human willpower diminishes over time following training sessions, and that ongoing security training and reminders may eventually fade (Durbin, 2022).

Conclusion

The unique field of Cyberpsychology has inspired numerous researchers to explore the intersection of psychology and technology. The influence of technology on human behavior and adaptation in the cyber realm opens many avenues for further research. Cybersecurity, which aims to dominate the information technology landscape, must collaborate with psychology to design software and strategies that raise awareness and train individuals against cybercrime. According to Social Identity Theory and Social Learning Theory, human interactions with computers can be influenced. Humans develop and sustain behaviors and habits by observing models, and various learning models can vicariously shape behavior formation. In-group membership among users fosters a common identity characterized by shared fears and threats from out-group members, such as hackers. Addressing these challenges, advancing strategies, and experimenting with serious cybersecurity games to establish best practice habits could assist researchers in creating a cyber-safe environment. Ultimately, cybersecurity fundamentally relies on human tendencies, making it essential for cybersecurity and psychology to collaborate in recognizing and addressing the fight against cybercrime.

References

Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211. https://doi.org/10.1016/0749-5978(91)90020-t

Alhayani, A., Alhassan, I., & Alhassan, A. (2021). Effectiveness of artificial intelligence techniques against cybersecurity risks in the IT industry. Materials Today: Proceedings. https://doi.org/10.1016/j.matpr.2021.02.531

Ancis, J. (2020). STS 359-H01: Cyberpsychology. Digital Commons @ NJIT. https://digitalcommons.njit.edu/hum-syllabi/298/

Ancis, J. R. (2020). The Age of Cyberpsychology: An overview. Technology, Mind, and Behavior, 1(1). https://doi.org/10.1037/tmb0000009

Attrill-Smith, A. (2019). The Oxford Handbook of Cyberpsychology. Oxford University Press.

Bandura, A. (1977). Social learning theory. Prentice-Hall.

Branscombe, N. R., Wann, D. L., Noel, J. G., & Coleman, J. (1993). In-group or out-group extremity: Importance of the threatened social identity. Personality and Social Psychology Bulletin, 19(4), 381–388. https://doi.org/10.1177/0146167293194003

Collins, E. I. M., & Hinds, J. (2021). Exploring workers’ subjective experiences of habit formation in cybersecurity: A qualitative survey. Cyberpsychology, Behavior, and Social Networking, 24(9), 599–604. https://doi.org/10.1089/cyber.2020.0631

Durbin, S. (2022, January 16). 10 cognitive biases that can derail cybersecurity programs. Security Magazine. https://www.securitymagazine.com/articles/96918-10-cognitive-biases-that-can-derail-cybersecurity-programs

Ho, S. S., Lwin, M. O., & Dempsey, J. (2010). The mediating effect of trust on organizational online knowledge sharing: An empirical study. International Journal of Information Technology & Decision Making, 9(4), 625–644. https://doi.org/10.1142/S0219622010003981

Hochheiser, H., Feng, J. H., & Lazar, J. (2017). Research methods in human-computer interaction (2nd ed.). Morgan Kaufmann Publishers.

McLeod, S. A. (2016). Bandura – social learning theory. Simply Psychology. https://www.simplypsychology.org/bandura.html

PSYC FPX 4210 Assessment 2 Research Methodologies

Norman, K. L. (2017). Cyberpsychology: An introduction to human-computer interaction. Cambridge University Press.

The Qualitative Data Analysis & Research Software. ATLAS.ti. https://atlasti.com/

Rogers, M. K., Seigfried, K., & Tidke, K. (2006). Self-reported computer criminal behavior: A psychological analysis. Digital Investigation, 3, 116–120. https://doi.org/10.1016/j.diin.2006.06.002

Spears, R., Doosje, B., & Ellemers, N. (1997). Self-stereotyping in the face of threats to group status and distinctiveness: The role of group identification. Personality and Social Psychology Bulletin, 23(5), 538–553. https://doi.org/10.1177/0146167297235009

Tajfel, H., & Turner, J. C. (2004). The social identity theory of intergroup behavior. In Political Psychology (pp. 276–293). https://doi.org/10.4324/9780203505984-16

van Steen, T., & Deeleman, J. R. A. (2021). Successful gamification of cybersecurity training. Cyberpsychology, Behavior, and Social Networking, 24(9), 593–598. https://doi.org/10.1089/cyber.2020.0526

What is a Zero Trust Architecture? Palo Alto Networks. https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture

Zengerle, P., & Cassella, M. (2015, July 9). Millions more Americans hit by government personnel data hack. Reuters. https://www.reuters.com/article/us-cybersecurity-usa-idUSKCN0PJ2M420150709