Timing is Everything: Context-Based Cybersecurity Training

Notes:

• Joakim Kävrestad is an Assistant Professor of Computer Science at Jönköping University, with a background in networking and cybersecurity.
• He shifted his focus to the societal and psychological aspects of cybersecurity, emphasizing human behavior.
• Joakim developed Context-Based Micro-Training (CBMT) to provide cybersecurity training at relevant moments, improving user engagement and retention.
• CBMT integrates training into real-world scenarios, such as reading emails or creating passwords, to address common cyberattack methods.
• Traditional cybersecurity training methods are critiqued for their lack of effectiveness in retaining user attention and knowledge.
• Joakim used a design science approach to refine CBMT, involving over 1800 survey participants and 300 experiment participants in the process.
• Evaluations show that CBMT supports secure user behavior and is well-received by users.
• The importance of usability in security practices is emphasized, highlighting that user-friendly training increases adoption and compliance.
• CBMT provides a guide for practitioners on implementing effective cybersecurity training and supports procurement decisions.
• Future research should explore the interplay between training and other support mechanisms, as training alone is insufficient to ensure comprehensive cybersecurity.

About our guests:

Joakim Kävrestad

https://ju.se/personinfo.html?sign=KAVJOA

https://www.linkedin.com/in/joakimkavrestad/

Papers or resources mentioned in this episode:

1. Kävrestad, J., Hagberg, A., Nohlberg, M., Rambusch, J., Roos, R., & Furnell, S. (2022). Evaluation of Contextual and Game-Based Training for Phishing Detection. Future Internet, 14(4), 104. https://doi.org/10.3390/fi14040104
2. Kävrestad, J. (2022). Context-Based Micro-Training: Enhancing Cybersecurity Training for End-Users (Doctoral dissertation). University of Skövde. ISBN 978-91-984919-9-9. Link to dissertation
3. Kävrestad, J., & Nohlberg, M. (2020). Context-Based Micro-Training: A Framework for Information Security Training. 14th International Symposium on Human Aspects of Information Security and Assurance (HAISA), Mytilene, Lesbos, Greece, 71-81. https://doi.org/10.1007/978-3-030-57404-8_6

Other:

The button that makes a noise at a street crossing is called a “pedestrian call button” Interestingly they work differently in different countries, They look different, they feel different, they make different noises, some of them have haptic indicators, some call for the lights to change, some don’t, some make sound all the time others just provide more accessible indicators when pressed.