Exploring the link between
human cognition and
cybersecurity.
Dr Lee Hadlington
Psychology and Technology Research Group.
Who Am I?
 PhD in Cognitive Psychology in 2005;
 The irrelevant sound effect (really exciting! Sarcasm
doesn’t come through well via PowerPoint).
 Background in experimental methods, quantitative
research methods.
 Came to DMU in 2006 – spent a number of years
sitting around thinking about research !
 Accidentally (!) stumbled into cyberpsychology –
preliminary research with Defence Science and
Technology Lab (DSTL).
 Then the journey down the rabbit hole began!
My research trajectory
 First dedicated research project – exploring how digital technology
shapes human cognition (DSTL).
 What did that show me?
 Limited research and understanding.
 But there was some research out there.
 Could I start to pull this together ?
 Started thinking about this BUT got distracted:
 Large scale project looking at systematic detection of Insider Threat
Second project exploring automated cyberdefence
 Third project looking at insider threat within business supply chain
 Fourth project – working with large multinational exploring gamification in
the context of cybersecurity.
 And then got back to thinking about the first bit !
Exploring Cybercognition
 Started to explore aspects of human cognition in the context of
digital technology.
 Could aspects of addiction to digital technology impact on basic
elements of attention ?
 Simple answer – yes !
 Hadlington (2015) – clear link between Internet addiction, mobile
phone addiction + cognitive failures.
 First evidence that problematic use of digital tech – had some bearing
on human cognition.
 Limitations – does internet addiction cause inattention or are those
with poor attentional control – precluded to Internet addiction !
 Repeated study with Smartphone addiction – guess what – the
same findings were apparent!
So, what next !
 I got distracted again !
 Involved in the East Midlands Police Academic
Collaboration.
 Network Lead – Serious Organised Crime: Cybercrime
and Cybersecurity.
 Aims – to explore susceptibility to cybercrime and examine
human factors in Cybersecurity.
 Began with SMEs (Small Medium Enterprises – those
organisations with less that 250 employers)
 What did this show me ? Well, to be honest, small businesses
are really apathetic about cybersecurity (in the main) – UNTIL
THEY GET ATTACKED !
 Many employees – rely heavily on management and company
infrastructure to protect them.
Attitudes to cybersecurity
 98% Believed that it was the responsibility of MANAGEMENT to
protect the company from Cybercrime.
 58% Didn’t know how they could protect the company from
cybercrime
 55% Didn’t think they had the right skills.
 80% Asserted that believed cybercriminals were more advanced
than those who were preventing attacks.
 84% More could be done to communicate the risks from
cybercrime to the organization
 48% Didn’t feel confident in being able to detect a cyberattack
 44% Wouldn’t know how to report a cyberattack if one happened.
 32% Not their responsibility to report a cybercrime within the
company
And if you want to be scared!
 33% - used their own USB to transfer work data onto.
 44% - relied on a friend or colleague to provide them with
advice on Cybersecurity.
 67% - Used free-to-access public WI-FI
 47% - Online Storage Systems to exchange/store personal
information.
 69% (!) – Used the same password for multiple websites.
 40% - Created basic passwords
 27% - Shared passwords with Friends and colleagues.
What is the most destructive
element in Cybersecurity?
In the meantime
 Went back to the original premise of
‘Cybercogntion’
 Dual purpose term:
 Describes the cognitive processes we use online.
 Refers to the potential for digital technology to change or
alter cognitive processes.
 Decided there was enough research out there to
bring together in a book …and wrote it!
 Written as a textbook which is accessible to
everyone, irrespective of technical background.
Current Work
 Embedded volunteer within Local Digital Media Investigators
(they make good tea and have cakes!)
 Focus groups – exploring experiences of frontline staff in
the context of cybercrime and cybersecurity.
 Exploring attitudes and behaviours of younger adults
(under 18) in context of cybercrime and cybersecurity.
 Examining more effective mechanisms of communicating
effective information security awareness to everyone.
 Wider Work:
 Examining the link between cyberloafing, Internet addiction and
Information Security Awareness (In collaboration with Kathryn
Parsons, Australian Ministry of Defense – in review)
 Focus groups – Ipad technology use in the home, 8-9 year olds –
they are sneaky !
Where you can find me
 Email – [email protected]
 Twitter - @HadlingtonLee
 Local bookshop (if they exist!) >