When psychology meets cyber-security: lessons learned from the COCOON project

Press/Media: Research

Period: 16 May 2022

Media contributions


  • Title: When psychology meets cyber-security: lessons learned from the COCOON project
    Duration/Length/Size: p.15
    Country/Territory: Netherlands
    Date: 16/05/22
    Description: Domestic use of Internet-of-Things (IoT) is increasingly
    popular and offers convenience, comfort, and home
    security. IoT, however, is not without risks. One risk specific
    to IoT is the cyber-physical assault.

    IoT devices often can control some aspect of the physical
    environment, and hence hacking of IoT can have adverse
    physical consequences. Just imagine ransomware
    preventing you from leaving the house or turning on the
    bedroom lights while you are sleeping. The cyber-risks of
    IoT also extend beyond the end-user, as for example when
    devices are exploited for so-called Distributed Denial of
    Service (DDoS) attacks on critical national infrastructure.
    IoT security is mostly sought along the technological axis.
    This makes sense given the premise of IoT as self-organizing,
    self-configuring, and self-securing. However, technological
    solutions alone are unlikely to suffice. According to
    Consumentenbond (2020), 1 out of 4 devices on the
    Dutch market show severe security vulnerabilities and can
    be hacked with little effort. Moreover, there is often no
    guarantee that a device will receive security updates during
    its full lifetime, especially with unsuccessful products.

    In the Chistera 2017 project “COCOON: Emotion psychology
    meets cyber-security”, we investigated the role of the end-user
    of domestic IoT in cyber security, bringing together
    cyber-security experts—University of Greenwich and Reading
    (UK) and ETH Zurich (CH)—and psychologists from Ghent
    University (BEL) and TU/e (NL). The goals were to investigate
    (a) the risks of IoT and how these are perceived by home
    users, (b) their emotional responses to cyber-physical
    assaults, and (c) their capacity to detect cyber-physical
    assaults—thus recasting users as an integral part of the
    security system.
    URL: https://assets.tue.nl/fileadmin/ILI%20Magazines/ILI%20magazine%20mei%202022.pdf
    Persons: Antal Haans, Nicole Huijts