CybersecurityA new cybersecurity research group focuses on human behavior

Sociologist David Maimon’s earliest research examined the effects neighborhoods have in determining why some people in neighborhoods engage in crime and deviant behaviors. In 2010, he turned his focus to cybercrime and the unique online ecosystem in which cybercriminals thrive.

Maimon leads the Evidence-based Cybersecurity Research Group in the Andrew Young School of Policy Studies. For this group, he has formed a team, including Georgia State’s chief innovation officer, computer science faculty from the College of Arts & Sciences, computer information systems faculty from the J. Mack Robinson College of Business and criminologists from the policy school to partner in research with cybersecurity experts from around the world. Maimon is also the first Next Generation faculty member hired to teach in Georgia’s new FinTech Academy, a Georgia Board of Regents talent initiative with a hub at Georgia State.

We are trying to understand the interactions among the four major actors in the cybercrime ecosystem: cybercriminals, enablers (individuals who support online criminal operations), targets and guardians (official law enforcement agencies and system administrators). No one else is bringing together human behavior and these tools in as comprehensive way as our group does to look at the four actors, technology and ecosystem.”

GSU says that the cybersecurity research group will produce evidence on each of the actors in the cyber ecosystem and on the effectiveness of different tools in nudging them to respond in ways “we want them to behave,” said Maimon. “The work of this research group will help redefine and improve cybersecurity.”

For its first project, the research group is analyzing data collected with students in Israel and China.

“It’s a cool data set from an experiment and data collection we ran in both countries,” Maimon said. “We plugged computers into the internet for hackers to attack. The hackers found the computers, broke in and used them to do anything they had in mind. They didn’t know we were monitoring them. We followed them to produce evidence on what they do and how we can intervene and contain the attack.”

They are also looking at the behavior of computer users, the targets of cybercrimes.

“If you don’t know what makes a computer user click on a link, particularly a malicious link, you’re not able to defend the system,” Maimon said. “Do you know how effective the security software on your system is? Part of the problem we’re trying to address is the effectiveness of some of those tools and policies. How effective is it to have a firewall, surveillance means, anti-virus technology—that’s what we’re trying to do.”

Outreach to individuals, industries and institutions is important, Maimon said.

“Governments, for example, need to comply with different policies and think about the effectiveness of the tools they use to protect their systems. Phishing is a big issue. Chief information security officers (CISO) need to make decisions about which populations are more vulnerable to attacks.

“What our group can bring to the table is ways to identify those people. Once we identify specific populations susceptible to attacks, the CISO can target those populations with awareness campaigns and then test to see if the program was effective in achieving its goal. There aren’t too many people doing this work and attempting this approach.”

His goal for the Evidence-based Cybersecurity Group is that it become an essential resource to businesses, governments and individuals in preventing cybercrime.

“We want people to think of this group and our work as a resource for guiding these targets—and guardians—in respect to policy, tools and approaches to conduct better cybersecurity. That’s what this group and our approach are all about.”