Human Behavior in Cyber
Human behavior is often exploited by cybercriminals and threat actors in order to perform cyberattacks. Decision-making is an integral component of human behavior that leads to judgments. Research must continue to explore the vulnerabilities associated with the human decision-making process in the cyber context as well as how human elements, artificial intelligence (AI), and the cyber environment can impact this process. In addition, research must also continue to delve deeper into the improvement of human behavior in cyber, the modeling of human behavior, how human learning can bolster the performance of machine learning, and more.
Potential Research Topics
- What is the role of AI and humans in decision making process?
- How does cyber context effect/influence human-machine decision making?
- How accurately can human behavior be modeled?
- Simulations & Metrics
- What can be taken from what we know about human learning to help machines learn?
- Inspiration from Neuroplasticity
- Take Advantage of Bias to Secure Against Adversary
- Cyber Operations
- Education – Metrics and How To
- Moving Beyond Compliance – Want to Do Security
Articles on Human Behavior in Cyber
A list of publications on human behavior in cyber has been curated from peer-reviewed online journals and magazines, in addition to security research-focused blogs and websites.
[1] "The Human Factor: People-Centered Threats Define the Landscape"
Proofpoint's 2018 report, titled The Human Factor: People-Centered Threats Define the Landscape, highlights the increased use of social engineering by attackers over automated exploits. Cyber criminals are increasingly depending on human interaction to launch attacks. Human instincts such as curiosity and trust are often abused to lead unsuspecting users into revealing sensitive information and giving attackers access to systems.
Dr. Jessica Barker gave a presentation in which she discussed the elements of human nature and social norms that lead humans to falling victim to social engineering attacks. The importance of strengthening cybersecurity culture in the workplace to encourage good cybersecurity behaviors is also emphasized.
[3] "The Psychology Behind Why We Fall for Social Engineering Attacks"
The human instincts of curiosity, naivety, narcissism, overconfidence, and reciprocity are often abused in social engineering attacks. The underlying psychological elements of social engineering must be further explored by security researchers to help combat such attacks.
[4] "Christchurch Tragedy-Related Scams and Attacks"
Attackers exploited the distress and bewilderment caused by the Christchurch massacre in New Zealand to perform social engineering attacks. Following this tragic event, CERT NZ received reports on the distribution of phishing emails, asking for donations in support of relief efforts. The links contained by these phishing emails redirected users to malicious online banking pages that appeared to be legitimate donation pages.
[5] "Exploiting People Instead of Software: Report Shows Attacker Love for Human Interaction"
There has been an increase in the use of social engineering tactics by cybercriminals to launch cyberattacks. Cybercriminals and threat actors are using new techniques to exploit the weaknesses of human nature in order to perform attacks.
[6] "How to Break Our Bad Online Security Habits – with a Flashing Cyber Nudge"
Cyberattacks continue to rise as a result of human error, the growing complexity of technology, and the increasing sophistication of attack methods. It is important that methods for encouraging good cybersecurity behaviors continue to be explored and developed. A circuit board, called the Adafruit Circuit Playground, can be used to nudge end users into following proper cybersecurity practices.
[7] ">"Employees Are Aware of USB Drive Security Risks, but Don’t Follow Best Practices"
Help Net Security report, titled Employees are aware of USB drive security risks, but don’t follow best practices, highlights human behavior regarding the use of USB drives. In a study that was conducted, employees were found to be aware of the risks associated with inadequate USB drive security. It was also found that while 91 percent of respondents claimed that encrypted USB drives should be mandatory, 58 percent of respondents confirmed that they regularly use non-encrypted USB drives.
[8] "A New Cybersecurity Research Group Focuses on Human Behavior"
Human behavior is the focus of the Evidence-based Cybersecurity Research Group led by David Maimon at Georgia State University. The research conducted by this group delves deeper into the interactions of major actors in the cybercrime ecosystem, which include cybercriminals, enablers, targets, and guardians.
[9] "DHS Cyber Specialist: Look for Behavior Patterns with APTs"
Casey Kahsen, an IT specialist at DHS, emphasizes the importance of looking at human behavior patterns in order to track advanced hacking groups. Examining the human behavior associated with an APT means observing operational hours or coding style.
[10] "Despite Warnings, Most People Still Don’t Change Their Passwords"
This article discusses human behavior regarding passwords. 64% of people use the same password for some, or even all, of their online accounts, while only 21% use a different password for each account. It is important for one to take password security seriously.
[11] "Attackers Aren't Invincible & We Must Use That to Our Advantage"
Attackers are still human and they make mistakes. Security professionals should look out for common mistakes made by attackers such as coding errors, TTP (tactics, techniques, and procedures) reuse in different malware attacks, and more.
[12] "How a Personality Trait Puts You at Risk for Cybercrime"
Researchers at Michigan State University conducted a study that examines the behaviors that could lead people to becoming victims of cybercrime. According to the study, those who lack self-control are more likely to fall victim to cyberattacks such as malware.
[13] "Individualism May Make You Better at Catching a Phish: Research"
A study conducted by a team of researchers from Australia's Defense Science and Technology Group (DST) and the University of Adelaide suggests that national culture plays a significant role in the discernment of phishing scams. In addition to weaknesses in human psychology and organizational culture, individualism has been discovered to be a contributing factor to the detection of fraudulent emails.
[14] "Understanding the Relationship between Human Behavior and Susceptibility to Cyber-Attacks: A Data-Driven Approach"
A team of researchers conducted a study to learn about the relationship between human behavior and the vulnerability to cyberattacks. The behavior of gamers, professionals, software developers, and others, was observed.
[15] "Hackers Are Making Their Attacks Look like They Came from the Chinese Government"
According to threat intelligence experts, there has been an increase in the use of false-flag operations by hackers to make cyberattacks appear to have been launched by Chinese hackers. As publicly available tools are often used in the attack operations of Chinese hackers, it is not difficult for China's cyberattacks to be imitated and the blame to be placed on China for such attacks.
[16] "Claiming Credit for Cyberattacks"
Political scientists at the University of Connecticut and the University of Pittsburgh conducted a study titled "Rethinking Secrecy in Cyberspace: The Politics of Voluntary Attribution". The study examines how an attacker makes the decision to admit to being behind the launch of a cyberattack. This decision is based on the goals of the attack as well as the attacker’s characteristics.
[17] "The Impact of Human Behavior on Security"
This article pertains to human behavior. People should be the last thing in charge of cybersecurity due too human behavior. One should remove people and add transparency and automation for true network protection.
[18] "To Identify a Hacker, Treat Them Like a Burglar"
Cyber attribution remains a challenge in cybersecurity. Observing behavioral patterns via law enforcement techniques used to determine links between crimes has been suggested as a way to uncover digital perpetrators. The behaviors of hackers that should be examined include navigation, enumeration, and exploitation.
[19] "Cybersecurity’s Human Factor: Lessons from the Pentagon"
This article pertains to human behavior. It describes how focusing on humans and human behavior might be as important, if not more important than technology when it comes to ones network security.
[20] "Oh The Humanity! Why People Are Your Biggest Cybersecurity Risk Factor"
This article pertains to human behavior. The main reason cyberattacks continue to grow against organizations, is because humans (employees), remain the biggest cybersecurity risk factor to an organization.
[21] "25% of Workers Would Give Away Data for 1000 pounds"
This article pertains to human behavior. It was discovered that the cost of employee loyalty is staggeringly low. With nearly half of all office workers admitting that they would sell their company's and clients’ most sensitive and valuable information, the business risk is not only undisputable but immense in the age of GDPR and where customers no longer tolerate data breaches.
[22] "Destructive and False Flag Cyberattacks to Escalate"
Geopolitical tensions give rise to nation-state cyberattacks in which false flags are planted, allowing nation-state actors to pose as others and further complicate attribution. Security experts still emphasize that hackers are still human and are not incapable of making mistakes, which could lead to their identification.
[23] "Human Behavior Can Be Your Biggest Cybersecurity Risk"
Cybercriminals are taking advantage of end user informalization and lack of cybersecurity education to gain unauthorized access to sensitive data and assets. Businesses are encouraged to adopt a people-centric approach to strengthening cybersecurity.
[24] "What Makes Hackers Tick?"
Researchers at Sandia National Laboratories conducted a study in which hackers' physical and mental responses were measured as they performed attacks. The goal of this study was to determine the most secure configurations by discovering the level of difficulty faced by hackers in the infiltration of certain hardware and software, as well as how they cope with the challenge.
[25] "Passwords Serve a Personal Purpose"
A study conducted at Victoria University of Wellington shows that people create passwords based on their autobiographical memories and future goals. When people create passwords from such personal information, it is easier for them to remember those passwords. This may indicate that people value ease of remembering more than security.
[26] "The Human Element of Cybersecurity"
This article pertains to human behavior. Unbeknownst to many end users, they can pose a major threat to the security of an organization by falling victim to even simple traps. Human error alone creates a whole school of cybercrime opportunities such as phishing, watering hole attacks and other social engineering tactics.
[27] "The Human Element: Insider Behavior Facilitates Cyber Attacks, Erodes Business Trust"
This article pertains to human behavior. Employees and negligence are the leading causes of security incidents but remain one of the least-reported issues. This can cause a lack of trust among organization and their employees.
[28] "Study Finds Wi-Fi Location Affects Online Privacy Behavior"
A team of scientists conducted a study to see if a person's location offline affects how they behave online in regard to privacy. The study also explores changes in online privacy behavior resulting from the presence of a virtual private network (VPN) logo, the provision of terms and conditions by the wireless provider, and more. Scientists observed unethical behavior, ethical behavior, and the disclosure of private information online.
[29] "Improve Your Information Security by Giving Employees More Options"
According to a study conducted by researchers at Washington State University, employees are more likely to improve upon their security behavior when provided with engaging security messages that allow them to choose how they can enhance the security of information and respond to threats in the workplace. It is essential for information security managers and supervisors to motivate employees to make better security decisions.
[30] "New Platform Uses Behavioral Science to Cut Cyber Security Risks"
British startup, CybSafe, has launched a cloud-based platform that delivers a security-based e-learning program personalized for the user through machine learning of user knowledge and behavior patterns. This service can be accessed through a mobile app or online. The motivation behind this new development is to reduce human error in cybersecurity by providing easy access to training and knowledge through personalized content, making learning as effective and engaging for the user as possible.
[31] "Social and Behavioural Science in Cyber Security Research"
Industry experts and academic researchers gathered at a conference focused on social and behavioral science for cybersecurity. The importance of exploring the acceptability of cyber controls, social and cultural background of those that have fallen victim to cyberattacks, the development of cyber hygiene practices, and more, were discussed.
[32] "How Personality Traits Can Influence Online Behaviour"
The influence of personality traits on online behavior was further explored in a study. Personality traits and behaviors exhibited by people affect how likely they are to fall victim to cyberattacks or scams.
[33] "What Is Social Engineering? How Criminals Exploit Human Behavior"
Social engineering refers to the exploitation of human psychology in order to gain access to sensitive data, systems, or protected vicinities. Social engineering attacks continue to succeed as it is often easy to exploit humans' psychological attributes.
[34] "Cybersecurity’s Weakest Link: Humans"
In order to stop social engineering attacks, defenses against such attacks should be people-centric. Research was conducted to further understand why people often fall victim to social engineering attacks such as spear phishing attacks. The research explored the psychology of computer users via the Suspicion, Cognition, Automaticity Model.
[35] "Resilience to Phishing Attacks Is Failing to Improve"
Phishing continues to be the most used tactic by attackers in launching targeted attacks, as it exploits the psychological weaknesses of humans. Studies show that an overwhelming majority of cyberattacks are initiated by the clicking of an email.
[36] "Monitoring Tool Profiles User Behavior to Reveal Human Risk"
This article pertains to human behavior. A new tool called Blindspotter features monitoring capabilities that map and profile user behavior to reveal human risk. It tracks and visualizes user activity in real-time for a better understanding of what is really happening on the network.
[37] "Elevate Security Set to Solve the Human Element of Cybersecurity"
This article pertains to human behavior. Elevate Security announced that it has raised $8 million, to develop the first fully integrated Security Behavior Platform, to change employees’ habits while giving security teams unprecedented visibility into security readiness.
[38] "Privacy Laws do Not Understand Human Error"
This article pertains to human behavior. In a world of increasingly punitive regulations like GDPR, the combination of unstructured data and human error represents one of the greatest risks an organization faces.
[39] "The Road to Cybersecurity Is Paved With 'Extraordinarily Basic Things'"
It essential that human behavior is understood in the realm of cybersecurity. Security experts should further explore people-centered security and possible models, including disease prevention, disease management, driver education, and more, that could be used to practice such security.
[40] "Utilizing the Human Element to Mitigate Today’s Sophisticated Cyber Threat Landscape"
A large percentage of attacks have been observed to be focused on exploiting human weaknesses. Taking a human-centric approach to cybersecurity has been suggested as a way for organizations to mitigate and prevent data loss.
[41] "Proving the Value of Security Awareness with Metrics that 'Deserve More'"
Awareness programs are a good way to improve human behavior in cybersecurity. Businesses are encouraged to explore different metrics to determine the effectiveness of such programs.
[42] "Cybercriminals Are Not as 'Anonymous' as We Think"
The key to solving cybercrimes is to understand the human side of cybercriminals in relation to their living situation, activities, operations, and who they know. Researchers of the Human Cybercriminal Project in Oxford's Department of Sociology have shared work that suggests the importance of understanding the economic status, infrastructure, and corruption level of a country in which cybercrime is often highly prevalent. Research shows that the examination of these factors could help in better understanding, investigating, and fighting against cybercrime.
[43] "Despite Disclosure Laws, Cybercrime May be Widely Underreported"
This article pertains to human behavior. When cybersecurity teams report directly to a designated and experienced cybersecurity executive, cybersecurity teams report having significantly more confidence in their team’s capability to detect attacks and respond effectively.”
This article pertains to human behavior. The studies conducted demonstrate that in a “hybrid systems”—where people and robots interact socially—the right kind of AI can improve the way humans relate to one another.”
[45] "Trust Nothing: a Life in Infosec is a Life of Suspicion"
This article pertains to human behavior. Seeing ridiculous vulnerabilities made the author embark on a mission to make all people in his company care about security.
[46] "Subtle Visual Cues in Online Forums Nudge Users to Reveal More Than They Would Like"
Findings of a study conducted by Penn State researchers reveal that icons can be used to nudge people into disclosing more sensitive information about themselves online. Spam sites can use these subtle visual cues to get people to share their personal information.
[47] "Human Error Still the Cause of Many Data Breaches"
With the incidence of reported data breaches on the rise, it was discovered that 53 percent of C-suite executives, and nearly three in ten (28%) of small business owners who suffered a breach was caused by human error or accidental loss by an external vendor/source.
[48] "How Human Bias Impacts Cybersecurity Decision Making"
Psychologist and Principal Research Scientist at Forecepoint, Dr. Margaret Cunningham, conducted a study in which she examined the impacts of six different unconscious human biases on decision-making in cybersecurity. Awareness and understanding surrounding cognitive biases in the realm of cybersecurity should be increased in order to reduce biased decision-making in the performance of activities such as threat analysis and prevent the design of systems that perpetuate biases. The biases examined by Dr. Cunningham include aggregate bias, anchoring bias, confirmation bias, and more.
[49] "Protecting Systems from Rogue Root Users"
Root users hold high-level privileges on a network, which allows them to install and manage software or hardware. System administrators within a cloud infrastructure also have root credentials to enable them to maintain operations and the performance of the cloud. However, these privileges could be misused as a result of disgruntled employees or successful social engineering attacks on administrators.
References
[1] The Human Factor: People-Centered Threats Define the Landscape. (2018). Retrieved from https://www.proofpoint.com/sites/default/files/pfpt-uk-tr-the-human-factor-2018.pdf
[2] How to Hack a Human. (2016, June 10). Retrieved from https://www.cser.ac.uk/news/malicious-use-artificial-intelligence/
[3] Swinhoe, D. (2016, July 26). The Psychology Behind Why We Fall for Social Engineering Attacks. Retrieved from https://www.idgconnect.com/idgconnect/analysis-review/1007161/psychology-fall-social-engineering-attacks
[4] Christchurch Tragedy-Related Scams and Attacks. (2019, March 18). Retrieved from https://www.cert.govt.nz/individuals/alerts/christchurch-tragedy-related-scams-and-attacks/
[5] Arghire, I. (2018, May 15). Exploiting People Instead of Software: Report Shows Attacker Love for Human Interaction. Retrieved from https://www.securityweek.com/exploiting-people-instead-software-report-shows-attacker-love-human-interaction
[6] Collins, E., Hinds, J. (2019, May 16). How to Break Our Bad Online Security Habits – with a Flashing Cyber Nudge. Retrieved from https://phys.org/news/2019-05-bad-online-habits-cyber-nudge.html
[7] Employees are aware of USB drive security risks, but don’t follow best practices. (2019 May 15). Retrieved from https://www.helpnetsecurity.com/2019/05/15/usb-drive-security-risks/
[8] A New Cybersecurity Research Group Focuses on Human Behavior. (2018, September 24). Retrieved from https://www.cser.ac.uk/news/malicious-use-artificial-intelligence/
[9] DHS cyber specialist: look for behavior patterns with APTs. (2018, Jun 11). Retrieved from https://www.cyberscoop.com/dhs-cyber-specialist-look-for-behavior-patterns-with-apts/
[10] Despite warnings, most people still don’t change their passwords. (2019 May 13). Retrieved from https://www.helpnetsecurity.com/2019/05/13/people-password-habits/
[11] Safran, R., Desai, U. (2019, April 24). Attackers Aren't Invincible & We Must Use That to Our Advantage. Retrieved from https://www.darkreading.com/vulnerabilities---threats/attackers-arent-invincible-and-we-must-use-that-to-our-advantage/a/d-id/1334437
[12] How a Personality Trait Puts You at Risk for Cybercrime. (2018, December 17). Retrieved from https://msutoday.msu.edu/news/2018/how-a-personality-trait-puts-you-at-risk-for-cybercrime/
[13] Stilgherrian. (2018, May 15). Individualism May Make You Better at Catching a Phish: Research. Retrieved from https://www.zdnet.com/article/individualism-may-make-you-better-at-catching-a-phish-research/
[14] Ovelgonne, M., Dumitras, T., Prakash, B. A., Subrahmanian, V. S., Wang, B. (2017, July). Understanding the Relationship between Human Behavior and Susceptibility to Cyber Attacks: A Data-Driven Approach. Retrieved from https://www.cs.umd.edu/~vs/pubs/behavior.pdf
[15] Lynch, J. (2018, December 13). Hackers Are Making Their Attacks Look like They Came from the Chinese Government. Retrieved from https://www.fifthdomain.com/industry/2018/12/13/hackers-are-making-their-attacks-look-like-they-came-from-the-chinese-government/
[16] Claiming Credit for Cyberattacks. (2018, June 12). Retrieved from https://www.eurekalert.org/pub_releases/2018-06/uoc-ccf061218.php
[17] Capone. J. (2019, May 25). The Impact of Human Behavior on Security. Retrieved from https://www.csoonline.com/article/3275930/the-impact-of-human-behavior-on-security.html
[18] Matsakis, L. (2018, August 12). To Identify a Hacker, Treat Them Like a Burglar. Retrieved from https://www.wired.com/story/case-linkage-hacker-attribution-cybersecurity/
[19] Winnefeld. J, Kirchhoff.C, Upton. D. (2015 September). Cybersecurity’s Human Factor: Lessons from the Pentagon. Retrieved from https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon
[20] Stephen. M. W. (2019 May 16). Oh The Humanity! Why People Are Your Biggest Cybersecurity Risk Factor. Retrieved from http://techgenix.com/cybersecurity-risk-factor/
[21] Waterfield. P. (2019 May 29). 25% of Workers Would Give Away Data for 1,000 pounds. Retrieved from https://www.infosecurity-magazine.com/news/25-percent-of-workers-would-give/
[22] Higgins, K. J. (2018, March 28). Destructive and False Flag Cyberattacks to Escalate. Retrieved from https://www.darkreading.com/attacks-breaches/destructive-and-false-flag-cyberattacks-to-escalate/d/d-id/1331390
[23] Cosgrove, A. (2019, March 4). Human Behavior Can Be Your Biggest Cybersecurity Risk. Retrieved from https://www.helpnetsecurity.com/2019/03/04/human-behavior-cybersecurity-risk/
[24] Miller, S. (2017, November 15). What Makes Hackers Tick? Retrieved from https://gcn.com/articles/2017/11/15/hacker-bio-monitoring.aspx?admgarea=TC_SecCybersSec
[25] Passwords Serve a Personal Purpose. (2019, May 27). Retrieved from https://www.victoria.ac.nz/news/2019/05/passwords-serve-a-personal-purpose
[26] Turner, M. (2015, May 26). The Human Element of Cybersecurity. Retrieved from https://www.securitymagazine.com/articles/86387-the-human-element-of-cybersecurityc
[27] Durbin, S. (2017, November 2). The Human Element: Insider Behavior Facilitates Cyber Attacks, Erodes Business Trust. Retrieved from https://www.securitymagazine.com/articles/88466-the-human-element-insider-behavior-facilitates-cyber-attacks-erodes-business-trust
[28] Mehar, P. (2019, May 9). Study Finds Wi-Fi Location Affects Online Privacy Behavior. Retrieved from https://www.techexplorist.com/study-finds-wi-fi-location-affects-online-privacy-behavior/22998/
[29] Improve Your Information Security by Giving Employees More Options. (2018, March 26). Retrieved from https://www.sciencedaily.com/releases/2018/03/180326192123.htm
[30] Barker, I. (2017, April 27). New Platform Uses Behavioral Science to Cut Cyber Security Risks. Retrieved from https://betanews.com/2017/04/26/behavioral-science-cyber-security/
[31] Margheri, A. (2018, November 5). Social and Behavioural Science in Cyber Security Research. Retrieved from https://medium.com/cybersoton/social-and-behavioural-science-in-cyber-security-research-2f5d2479ad68
[32] Collard, A. (2019, April 18). How Personality Traits Can Influence Online Behaviour. Retrieved from https://www.infosecurity-magazine.com/infosec/how-personality-traits-influence-1-1/
[33] Hulme, G. V., Goodchild, J. (2017, August 3). What Is Social Engineering? How Criminals Exploit Human Behavior. Retrieved from https://www.csoonline.com/article/2124681/what-is-social-engineering.html
[34] Vishwanath, A. (2016, May 5). Cybersecurity’s Weakest Link: Humans. Retrieved from http://theconversation.com/cybersecuritys-weakest-link-humans-57455
[35] Stilgherrian. (2017, November 13). Resilience to Phishing Attacks Is Failing to Improve. Retrieved from http://www.zdnet.com/article/resilience-to-phishing-attacks-is-failing-to-improve/
[36] Monitoring Tool Profiles User Behavior to Reveal Human Risk. (2014, October 9). Retrieved from https://www.helpnetsecurity.com/2014/10/09/monitoring-tool-profiles-user-behavior-to-reveal-human-risk/
[37] Elevate Security Set to Solve the Human Element of Cybersecurity. (2019, February 15). Retrieved from https://www.helpnetsecurity.com/2019/02/15/elevate-security-behavior-platform/
[38] Bower, M. (2018, November 20). Privacy Laws do Not Understand Human Error. Retrieved from https://www.helpnetsecurity.com/2018/11/20/privacy-laws-human-error/
[39] Michaelidis, G. (2018, April 10). The Road to Cybersecurity Is Paved With "Extraordinarily Basic Things". Retrieved from https://behavioralscientist.org/the-road-to-cybersecurity-is-paved-with-extraordinarily-basic-things/
[40] Berg, S. (2018, November 14). Utilizing the Human Element to Mitigate Today’s Sophisticated Cyber Threat Landscape. Retrieved from https://www.atlanticcouncil.org/blogs/new-atlanticist/utilizing-the-human-element-to-mitigate-today-s-sophisticated-cyber-threat-landscape
[41] Winkler, I. (2019, May 22). Proving the Value of Security Awareness with Metrics that 'Deserve More'. Retrieved from https://www.darkreading.com/perimeter/proving-the-value-of-security-awareness-with-metrics-that-deserve-more-/a/d-id/1334739
[42] Cybercriminals Are Not as 'Anonymous' as We Think. (2018, Jun 11). Retrieved from http://www.homelandsecuritynewswire.com/dr20170816-cybercriminals-are-not-as-anonymous-as-we-think?page=0,0
[43] Despite Disclosure Laws, Cybercrime May be Widely Underreported. (2019, Jun 5). Retrieved from https://www.helpnetsecurity.com/2019/06/05/2019-state-of-cybersecurity-study/
[44] Christakis, N. (2019, April). How AI Will Rewire Us. Retrieved from https://www.theatlantic.com/magazine/archive/2019/04/robots-human-relationships/583204/
[45] Zorz, M. (2019, June 6). Trust Nothing: a Life in Infosec is a Life of Suspicion. Retrieved from https://www.helpnetsecurity.com/2019/06/06/life-in-infosec/
[46] Swayne, M. (2018, November 6). Subtle Visual Cues in Online Forums Nudge Users to Reveal More Than They Would Like. Retrieved from https://news.psu.edu/story/543000/2018/11/06/research/subtle-visual-cues-nudge-users-reveal-more-online-forums
[47] Human Error Still the Cause of Many Data Breaches. (2019, June 19). Retrieved from https://www.helpnetsecurity.com/2019/06/17/human-error-data-breach/
[48] Zorz, Z. (2019, June 10). How Human Bias Impacts Cybersecurity Decision Making. Retrieved from https://www.helpnetsecurity.com/2019/06/10/cybersecurity-decision-making/
[49] Kumar, A. (2017, September 1). Protecting Systems from Rogue Root Users. Retrieved from https://gcn.com/articles/2017/09/01/hardware-based-security.aspx?admgarea=TC_SecCybersSec