SCOTTISH scientists are to study how people respond to phishing emails and common cyber attacks in a £1 million project aimed at improving online security.
A team at the University of Aberdeen are looking at finding ways to prevent hackers enticing people into downloading malware such as that used in recent large-scale attacks – some of which badly affected the NHS in Scotland and across the UK.
The researchers believe the main problem faced by big organisations is making sure computer users follow their existing security policies, such as frequently changing their passwords.
They will test how artificial intelligence (AI) and persuasion techniques can improve adherence to safety advice.
The UK Engineering and Physical Sciences Research Council (EPSRC) has awarded the research team £756,000 towards their Supporting Security Policy with Effective Digital Intervention project (SSPEDI), which takes its total funding to more than £1m.
Dr Matthew Collinson, of the university’s School of Natural and Computer Sciences, who is the principal investigator on the project, said: “If we look at most cyber security attacks, there is a weakness relating to human behaviour that hackers seek to exploit.
“Their most common approach, and the one we are most familiar with, is the use of phishing emails to entice a user to download malware on to their computer.
“One of the main problems faced by companies and organisations is getting computer users to follow existing security policies, and the main aim of this project is to develop methods to ensure that people are more likely to do so.”
The project coincides with the launch of a new masters degree in AI at the University of Aberdeen, which encompasses “persuasive technologies” – those which seek to modify human behaviour without coercion.
“The project applies our world-leading expertise in both AI and human-computer interaction,” said Collinson.
“In the case of human-computer interaction, this specifically relates to the field of persuasive technologies, which are designed to encourage behaviour change and are more commonly applied in healthcare, for example to encourage patients to follow medical advice.
“In terms of AI, we will investigate how intelligent programs can be constructed which can use dialogue to explain security policies to users, and utilise persuasion techniques to nudge users to comply. In addition we will be using sentiment analysis to detect people’s attitudes to security policies through natural language, for example through their email correspondence.
“Ultimately we are looking to employ all of these techniques to identify the issues that make us less likely to follow security advice, and make recommendations as to how these can be overcome.”
It comes as a document, reportedly from spy agency GCHQ, reveals that some hackers are “likely” to have compromised some industrial software companies in the UK. Technology website Motherboard said it has obtained a copy of the document from the National Cyber Security Centre (NCSC), part of GCHQ.
Facilities such as power stations are managed by computer-based control systems, and attacks on them have become more common, according to researchers. The report specifically addresses the threat to the energy and manufacturing sectors. It also lists connections from multiple UK internet addresses to systems associated with “advanced state-sponsored hostile threat actors” as evidence that hackers have been targeting energy and manufacturing organisations.