Career Paper
Paul Cumiskey
Diwakar Yalpi
Cybersecurity and the Social Sciences
November 17, 2024
Career Paper – How Cybersecurity advocates use the social sciences and their principles to
reduce cyber threats
Introduction
When people think of cybersecurity, they usually think of topics that go over their head.
Things like network security, hackers, and large data breaches in the past make it seem like an
inevitable threat. However, shockingly, 95% of cybersecurity breaches result from human error.
(OVHcloud. (n.d.). Cyber threat: The role of human error This means that the best way to
mitigate cyber threats is to understand social science principles and how they interact with
cybersecurity. The profession that has to keep this in mind the most and educate others about
how cybersecurity and social science are integrated is cybersecurity awareness advocates.
Cybersecurity awareness advocates are essential and provide the much-needed insight into the
social sciences to successfully mitigate human error in cyber breaches.
Security Awareness Advocate
To understand what impact a security awareness advocate has on cybersecurity, we first
need to know what a cybersecurity awareness advocate is. The primary role of Security
Awareness Advocates is education. They try to promote the best security practices to individuals.
Practices such as strong passwords, phishing email detection, and social engineering. They keep
human factors in mind while educating people about cybersecurity. Haney J. and Lutters, W.
state in “How cybersecurity advocates overcome negative perceptions of security” that many
people have a rather negative perception of cybersecurity. Security awareness advocates help to
mitigate some of that negative perception.
The application of social sciences
Security awareness advocates need to have a focus on social science while they are
educating. This is because they need to focus on human-centered cybersecurity to successfully
mitigate potential data breaches. One area of the social sciences that needs to be kept in mind is
behavioral psychology. This allows security advocates to understand why people take security
risks by understanding their decision-making and habit formation. Another social science that
security advocates need to have a strong understanding of is sociology. Understanding sociology
allows them to understand how peer behaviors and social norms can affect cybersecurity
practices. Economics and decision science can also help security advocates analyze and
understand why people make security errors. They can use cost-benefit analysis to help educate
individuals on just how much they are risking by making security errors. They can also
implement incentives to reward safe behavior. Lastly, and most important for cybersecurity
awareness advocates, is understanding human factors and ergonomics. This helps to ensure a
user-centered cybersecurity design. It will also help cybersecurity advocates keep in mind the
cognitive load on the ones they are teaching.
Career connection to society
Cybersecurity awareness advocates have a complex and dynamic relationship with
society. This is due to them being needed to educate users about cyberthreats and how to avoid
them. Cybersecurity awareness advocates will eventually seem dull and boring to many people
after they have already heard the main talking points about security. This leads some people to
think that they are not needed after a while. However, the amount of data breaches caused by
human error has only increased in the past decade. This showcases just how important
cybersecurity awareness advocates are.
Connection to marginalized groups.
Cybersecurity awareness advocates help marginalized groups in a plethora of unique
ways. First, cybersecurity awareness advocates make a point to present data in a clear and
precise way so that it can be easily understood by many backgrounds. Cybersecurity awareness
advocates will also usually make a point to keep in mind that for some people, English might not
be their first language. So they will oftentimes make a separate presentation in different
languages. Cybersecurity awareness advocates will also make a point to support vulnerable
groups such as the elderly, children, and even immigrants. Oftentimes, the elderly will not be
knowledgeable about how technology works. This leads them to be susceptible to phishing
scams and many other cyber threats. This is why cybersecurity awareness advocates typically
make it a point to sufficiently educate the elderly on these issues. Lastly, children in many cases
spend the most time online, so cybersecurity awareness advocates do try to keep them in mind
when making presentations.
Conclusion
In conclusion, cybersecurity awareness advocates play a very crucial part in battling
significant cybersecurity vulnerabilities. They do this mainly by applying social sciences and
social science principles to the cybersecurity awareness education they do. Cybersecurity
awareness advocates also make a point to educate marginalized groups such as the elderly,
immigrants, and children, as well as the public. They effectively tailor their presentations to
reach their audience in the best way they can. Cybersecurity awareness advocates are able to
effectively turn the very technical field of cybersecurity into an easy-to-understand and digestible
topic for the public. This is why cybersecurity awareness advocates are essential and provide the
much-needed insight into the social sciences to successfully mitigate human error in cyber
breaches.
Works Cited
Carley, K. M. (2020). Social cybersecurity: An emerging science. Springer Nature Link, Social
Cyber-Security. Retrieved from https://link.springer.com/article/10.1007/s10588-020-09322-9
Haney, J., & Lutters, W. (2017). Skills and characteristics of successful cybersecurity advocates.
University of Maryland, Baltimore County. Retrieved from
https://www.usenix.org/system/files/conference/soups2017/wsiw2017-haney.pdf
Haney, J., & Lutters, W. (2018). How cybersecurity advocates overcome negative perceptions of
security. University of Maryland, Baltimore County. Retrieved from
https://www.usenix.org/conference/soups2018/presentation/haney-perceptions
Lin, Y.-Y., Hsu, H.-M., & Hsu, S.-C. (n.d.). A study of the effects of information security
advocacy. Association for Information Systems, AIS Electronic Library (AISeL). Retrieved from
https://core.ac.uk/download/pdf/326833228.pdf
OVHcloud. (n.d.). Cyber threat: The role of human error. Retrieved November 24, 2024, from
https://us.ovhcloud.com/resources/blog/cyber-threat-human-error/