Psybersecurity: A New Emerging Topic and Research Area Within Human Security – Part 2
By Carlee Franklin and Ankur Chattopadhyay, Northern Kentucky University
Click here to read Psybersecurity: A New Emerging Topic and Research Area Within Human Security – Part 1.
III. Psybersecurity Amidst COVID-19
During these current COVID-19 times of tension, stress, lockdown-driven isolation, social distancing, and economic recession, opportunities to exploit others have risen dramatically for hackers. Cybersecurity attacks are being orchestrated around individual weaknesses related to face masks, preventative care, stimulus checks, and unemployment issues . Hackers’ awareness of human vulnerabilities has become more apparent over the COVID outbreak through the latest cybersecurity attacks, including social engineering cases such as phishing, vishing, internet fraud, and online scams. Due to the ongoing pandemic, health has been placed at the forefront of media, and individually prompt-ed healthcare research has risen dramatically . Now more than ever, people are turning to the Internet for critical healthcare information, including information about COVID and other diseases, as well as information on healthcare providers and medical professionals that influence one’s healthcare-related decision making. The independent online search for healthcare without professional intervention may result in users finding misinformation online, for example, incorrect, fabricated, or fraudulent healthcare information.
The spread of misinformation has accelerated during the COVID-19 pandemic to the extent that the World Health Organization has referred to this as an “infodemic” challenge, and is attempting to combat the issue . This implies that the risk of psybersecurity attacks is increasing. According to a recent online survey , March 2020 saw an 85.2% increase in online healthcare search, which correlates with the increase of health anxiety and other cyber-psychological issues [2, 4]. This correlation indicates a substantial need for proper guidance, advising, and awareness for the average online healthcare information (OHI) user. A potential way to protect OHI users from rising psybersecurity threats is by leveraging specialized online tools and technologies that can provide information assurance. For example, tools that verify the authenticity and trustworthiness of the online data, including the credibility of the websites and information sources.
The psybersecurity of OHI users is linked to their mental perceptions and state of mind that can easily fall prey to psychological issues, like cyberchondria, anxiety, uncertainty, fear, and lack of trust. Therefore, if the trustworthiness of OHI websites can be determined using information assurance techniques, that would aid in improving psybersecurity. Additionally, using transparent, user-friendly measures for website evaluation and trust-inducing web design elements will help improve user reliability. Thus, in this context, psybersecurity needs to be taken into account by OHI providers as an essential area for future research and development.
Psybersecurity risks may be associated with OHI brows-ing, but these threats also arise from healthcare information breaches. In 2019 alone, 36% of breaches were in the healthcare industry, which cost the United States around $6.2 billion . Hackers’ apparent targeting of healthcare information can create distrust between healthcare consumers and healthcare service providers, and distrust between different health-related industries. Moreover, the potential threat posed by the orchestrators of cybersecurity attacks can affect a person’s mental state, damage ones’ overall well-being, lead to mistrust in healthcare, and therefore, can contribute to increased anxiety, constant paranoia, and other mental health problems. Hackers often find ways to access high-security information by exploiting someone with access to that information . Through social engineering techniques and manipulating emotions such as fear, excitement, anxiety, etc., hackers can indirectly breach strong protective measures by infiltrating a persons’ mind . From this viewpoint, psybersecurity can be traced to securing the human mind from social engineering attacks. It would encompass studying the human mind, including understanding the mental flaws and weaknesses that lead to an individual either knowingly or unknowingly falling victim to a hacker’s trap via mental exploitation. These kinds of mind-games require breaching the human mind, and the first step for accessing valuable information can often be deceiving the victim to click on a malicious email attachment, downloading a malicious document, or otherwise sharing other sensitive data .
In today’s digital world, everyone interacts with technology in one way or another, which leaves all technology users vulnerable to psybersecurity attacks due to a cybersecurity breach, or the consummation of misinformation. Because of the recent emergence of the subject of psybersecurity, and the infantile stage of research pertaining to it, the scope of future work in this area is quite plentiful. There are different directions of possible work in this topic, and one of the most relevant is in relation to the healthcare field. The importance of psybersecurity is indeed synonymous with the need to validate information to earn credibility, therefore reducing anxiety, stress, and other psychological disorders. In this context, consider the case for authentication-based information assurance techniques and technologies to provide assistance to safeguard the users’ mental health by enabling them to understand and better identify psybersecurity threats. This process includes discerning between trustworthy and untrustworthy OHI websites .
Another potential direction of work in the area of psybersecurity is to study how to combat cyberattacks and prevent related mental damage by understanding the psychology behind the attacker (or social engineer). The study of common mental characteristics between social engineering victims, and the differences in their behavior for determining who could be more likely to fall prey, would catalyze the development of more protective measures .
In addition to studying psybersecurity related psychological and behavioral components, and planning technological interventions, building a strong human-security network would add more protection to people’s psychological well-being . It is also in this context that Dr. Louie attributes education and awareness of psybersecurity risks as integral to analyzing personal mental health. However, building a strong community of individuals that check up on each other’s mental states would also help identify a behavior change, and possibly prevent the need for psychological assessments, treatments, or responses required for a psybersecurity attack incident .
- “#Psybersecurity: The Mental Health Attack Surface”. 41st IEEE Symposium on Security and Privacy. May 19, 2020.
- Jungmann, Stefanie M., and Michael Witthöft. “Health Anxiety, Cyberchondria, and Coping in the Current COVID-19 Pandemic: Which Factors Are Related to Coronavirus Anxiety?” Journal of Anxiety Disorders, vol. 73, June 2020, p. N.PAG. EBSCOhost, doi:10.1016/j.janxdis.2020.102239.
- Laato, Samuli, AKM Najmul Islam, Muhammad Nazrul Islam, and Eoin Whelan. “What drives unverified information sharing and cyberchondria during the COVID-19 pandemic?” European Journal of Information Systems (2020): 1-18
- Brown, Richard J., et al. “Online Health Research and Health Anxiety: A Systematic Review and Conceptual Integration.” Clinical Psychology: Science & Practice, vol. 27, no. 2, June 2020, pp. 1–19. EBSCOhost, doi:10.1111/cpsp.12299.
- 2019 Cyber Security Statistics Trends & Data. PurpleSec. (2020, November 18). https://purplesec.us/resources/cyber-security-statistics/.
- Pfeifer, K., & Streff, J. (2020, September 15). PsyberSecurity: Where Computer Security Meets Psychology.
- Chattopadhyay, A., Schulz, M. J., Turkiewicz, K. L., & Hughes, E. (2018) A Novel Visual Recognition-based Authentication Model Using a Hybrid Trust Theme to Verify Provider Profiles for Enhancing Information Assurance in Online Healthcare. Journal of Cyber Security and Mobility, 7(3), 1-46.
- Michel, A. (2017). Psyber Security: Thwarting Hackers with Behavioral Science. APS Observer, 30(9).
- Ciappelli, M., & Louie, R. K. (2019, April 4). Let’s talk about Psybersecurity. https://www.itspmagazine.com/itsp-chronicles/lets-talk-about-psybersecurity-with-dr-ryan-louie.
Carlee Franklin Carlee Franklin is currently a L.I.F.E. Foundation Fellow student, pursuing her bachelor’s in Computer Science at Northern Kentucky University (NKU). She has been working as an undergraduate research assistant with Dr. Ankur Chattopadhyay since Fall 2020. She is currently exploring research topics in the areas of cybersecurity, privacy, trust, and computational biomedical sciences. She hopes to pursue further research within the disciplines of computer science and cybersecurity in greater depth, and gain more experience in the area of web development.
Dr. Ankur Chattopadhyay earned his Ph.D. in Computer Science from the University of Colorado at Colorado Springs (UCCS), and is currently an Assistant Professor of Cybersecurity & Computer Science in the Computer Science Department at Northern Kentucky University (NKU). His research interests include visual privacy, privacy-enhanced computer vision, He is currently an Editorial Board Member with the IEEE Future Directions Newsletter, Technology Policy and Ethics. He is an active professional member of IEEE and ACM. He has over 30 peer-reviewed publications, including conference papers, news-letter articles, and journal papers. He has more than 15 years of work experience in both academics and industry. Ankur is originally from Kolkata, India, where he did his Bachelors in Computer Engineering from the Institute of Engineering & Management (IEM), and was employed with Tata Consultancy Services, a global computer consul-tancy firm, for almost 7 years. Before joining NKU, he was an Assistant Professor of Computer Science at the University of Wisconsin – Green Bay (UWGB), where he founded and directed the Center of Cybersecurity Educa-tion & Outreach. He was the principal investigator (PI) and the project director of the first-ever NSA/NSF Gen-Cyber program in the state of Wisconsin at UWGB, where he has led and hosted the GenCyber program for three years. He has also worked with Google and Microsoft as the PI/project lead for the Google IgniteCS and Microsoft TechSpark grant programs at UWGB. His industry profile includes multiple roles like IT Analyst, Software Engineer and Embedded Systems Engineer.
Dr.Muhammad Bilal is an assistant professor of computer science with the Department of Computer and Electronic Systems Engineering, Hankuk University of Foreign Studies, Yongin, Korea. He received a Ph.D. degree in information and communication network engineering from School of Electronics and Telecommunications Research Institute (ETRI), Korea University of Science and Technology, Daejeon, Korea, MS in computer engineering from Chosun University, Gwangju, Korea, and a BS degree in computer systems engineering from University of Engineering and Technology, Peshawar, Pakistan Prior to joining Hankuk University of Foreign Studies, he was a Postdoctoral Research Fellow with the Smart Quantum Communication Center, Korea University. He is an editorial board member of IEEE Future Direction Newsletter. He has served as a reviewer of various international Journals including IEEE Communication Magazine, IEEE Systems Journal, IEEE Access, IEEE Communications Letters, IEEE Transactions on Network and Service Management, Journal of Network and Computer Applications, Personal and Ubiquitous Computing, and International Journal of Communication Systems. He has also served as a program committee member on many international conferences. His primary research interests are Design and Analysis of Network Protocols, Network Architecture, Network Security, Blockchain Technologies, IoT, Named Data Networking, Cryptology, and Future Internet.