Supporting a Cybersecurity Mindset: Getting Internet Users into the Cat and Mouse Game
40 Pages Posted: 31 Mar 2016 Last revised: 28 Aug 2016
Date Written: March 30, 2016
This paper draws from empirical research on Internet users to identify the elements that accompany/define a cybersecurity mindset, and the factors likely to support its acquisition. Based on a survey of online workers, we found a pattern of beliefs in the efficacy of personal safer computing efforts, such as using firewalls, protective software and strong passwords, to be closely related to what sources of information users rely on for support on cybersecurity. Survey questions tapped the degree users viewed various sources as providing comprehensive information about cybersecurity, including information from the media, the workplace, school, or specialized web sites. They also responded to whether they relied on family and friends for help. Surprisingly, those relying primarily on family and friends for support on cybersecurity tended to have the lowest protection-habit levels. In contrast, those who relied more on web-based information as part of their support network had the highest levels of protection habits. At first glance, this pattern suggests that having information that is timely and actionable, such as from the web can help build self-efficacy and motivate users to adhere to good practices. More broadly, it might suggest that the nature of cybersecurity’s cat and mouse games defies simple habits, and requires an habitual focus on the changing face of cybersecurity threats and defenses. Therefore, the best cybersecurity mindset is to continually track change, which leads users to more dynamic sources, such as the Web versus the more static conventional wisdom from family and friends. Further research is required to determine how policymakers, practitioners, and educators can foster a mindset of tracking dynamic cybersecurity practices rather than relying on more static advice from families and friends. This might lead to an approach to developing a cybersecurity mindset among individual Internet users.
Keywords: cybersecurity, human factors, security mindset, construct development
Suggested Citation: Suggested Citation