y2mate.com - Protecting the overclaimers in cybersecurity w Dr Daniel N Jones CSI Talks 7_360p

Background on Dr. Daniel Jones

  • Associate Professor of Management at the College of Business, University of Nevada, Reno (UNR).

  • Core faculty member in interdisciplinary social psychology program.

  • Previous position: Assistant Professor of Legal Psychology at University of Texas, El Paso.

  • Education: B.Sc. in Psychology from Stockton University and a PhD in Social Personality Psychology from University of British Columbia (2011).

  • Publication record: Over 90 peer-reviewed journals and chapters in flagship journals (e.g., Journal of Personality and Social Psychology, Journal of Business Ethics).

  • Award: Early career award from the Western Psychological Association.

  • Research funding: Several grants focusing on dark personalities related to betrayal and cybersecurity.

Research Focus

  • Examines long-term vs short-term deception and harm.

  • Differentiates the dark triad of personality traits: Machiavellianism, Psychopathy, and Narcissism.

  • Development of interventions to prevent harm caused by dark triad traits.

Outline of Presentation

  1. Dr. Jones' background and interest in cybersecurity.

  2. Preliminary study on phishing vulnerability.

  3. Concepts of overclaiming in relation to cybersecurity risks.

  4. Phishing vulnerability as influenced by poor cyber knowledge.

  5. Inoculation approach from communication theory for cybersecurity defense.

Introduction to Cybersecurity

  • Dr. Jones' entry: Initially connected with Chris Kiekenfeld's work on game theory algorithms during his tenure at UT El Paso.

  • Research collaboration leading to grants on defeating dark triad using game theory.

  • Five overlapping streams of research related to:

    • Phishing vulnerability and strategies: Understanding different phishing styles and responses.

    • Insider threat and manipulation.

Understanding the Dark Triad Traits

  • Definition: A set of three toxic personality traits—Machiavellianism, Psychopathy, Narcissism.

  • Common attributes: Callousness and dishonesty.

  • Unique characteristics:

    • Machiavellianism: Strategic and manipulative.

    • Psychopathy: Impulsive and reckless.

    • Narcissism: Overconfidence affecting judgment.

  • Importance in cybersecurity: Individuals embodying these traits are likely to engage in cybercrime due to their manipulative tendencies.

Mimicry Deception Theory

  • Overview: The theory that all organisms deceive, paralleling the mechanisms of human deception.

  • Required components for long-term deception:

    • Complex mimicry.

    • Slow resource extraction.

    • Integration into a community.

    • Low detectability.

  • Findings: Long-term deceivers (e.g., Machiavellians) use stealthy infiltration methods; short-term deceivers (e.g., psychopaths) employ brute force attacks.

Research on Phishing and Overclaiming

  • Study findings on individual responses to phishing:

    • Narcissism leads to vulnerability.

    • Machiavellians adapt phishing attacks to bypass filters.

    • The phenomenon of overclaiming where individuals assert knowledge they lack.

    • A practical example of overclaiming in cyber knowledge assessment was provided using fictional terms during the discussion.

Overclaiming: Definition and Impact on Cybersecurity

  • Definition: Claiming knowledge of non-existent concepts signifies overconfidence.

  • Measurement: Uses signal detection theory scoring for evaluating knowledge accuracy.

  • Relevance in cybersecurity: Overclaiming serves as an indicator for phishing vulnerability due to false confidence.

  • Direct connections made between overclaiming behaviors and the dark triad traits:

    • Narcissism links to self-deceiving exaggeration.

Inoculation Approach to Phishing Defense

  • Psychological inoculation: Prepping individuals to recognize and refute weak arguments to strengthen defenses against phishing.

  • Necessary parameters:

    • Detection of threat.

    • Favorable prior attitudes toward learning about phishing defenses.

  • Methodology in studies includes revealing the manipulation of Cialdini's principles to tailor phishing tactics and effectively present the dangers of phishing attacks.

Research Findings and Future Directions

  • Preliminary data suggests inoculation is more effective for overconfident individuals than education-based approaches.

  • Both high and low overconfidence groups require tailored education strategies to prevent phishing attacks.

  • Future research plans involve:

    • Assessing the effectiveness of inoculation vs education in larger studies.

    • Incorporating pen testing in follow-up evaluations for practical understanding of phishing threats.

Implications of Dark Triad Research

  • Continued exploration of how dark traits inform cybersecurity strategies and vulnerabilities.

  • Analyzing coding behavior in attacks to understand the profiles of long-term and short-term attackers.

  • Potential collaborative opportunities for research with various populations and organizations focused on cybersecurity.