2024

Tikanmäki, Ilkka; Ruoslahti, Harri

Social engineering attacks often exploit human traits like trust or fear, targeting network devices and personnel. Human vulnerabilities often stem from carelessness, unintentional errors, or lack of awareness. This study investigates how these and other human factors influence cybersecurity while also recognising the role of technology. Threats due to human elements, such as social engineering, cognition, and organisational security cultures, and outside influences, e.g., intentional cybercrime and phishing, can be countered with cyber skills and training. This research looks at prior findings in the areas of individual differences, such as intelligence, cognition, personality traits, and personal cybersecurity behaviours. Organisational factors, such as resource allocation, legal requirements, and technology design, are critical components that influence cybersecurity. This study notes the interconnectedness of the fields of cybersecurity, privacy, and application security. Based on a review of project deliverables, this study highlights cognitive biases, compulsive internet usage, cyberloafing, and password vulnerabilities as significant recognised challenges. Additionally, the study delves into organisational implications, including the role of, e.g., organisational culture in risk mitigation and the impact of Bring Your Own Device policies on security. Ultimately, the findings underscore the importance of holistic approaches to cybersecurity, integrating human, organisational, technological, legal, and ethical considerations.