Behavioral cybersecurity: Online safety at the intersection of humans, technology, and organizations - The University of Tulsa
Close Menu
Close Menu

Behavioral cybersecurity: Online safety at the intersection of humans, technology, and organizations

Hardly a week goes by without a report in the media of a cybersecurity breach – either a friend has had her banking information hacked or yet another health system has succumbed to a major ransomware invasion. Despite all the best digital defenses against such attacks, they just keep happening.

Stephen Flowerday

According to Professor of Cyber Studies Stephen Flowerday, there is broad consensus that protecting individuals and organizations against cyber attacks cannot be addressed by technology alone: “A significant aspect of security comes down to the people involved.” Indeed, “people can potentially represent a key asset in developing and implementing a successful security strategy.”

After many years working in digital communications in the United Kingdom and as an information systems professor in South Africa, Flowerday recently joined The University of Tulsa’s College of Engineering & Computer Science. In the School of Cyber Studies, Flowerday directs the graduate program and coordinates the undergraduate capstone course. His personal research agenda resides at the intersection of cybersecurity’s human, technological, and organizational aspects. “I am interested in understanding more fully why and how people fall victim to phishing and ransomware, and how we can better manage online privacy,” he said.

Flowerday’s explorations take place within a framework of “behavioral cybersecurity,” the main elements of which are:

·      Understanding the behaviors of users and entities within an environment
·      Comprehending the behaviors of adversaries, including their motivations and methods of attack
·      Monitoring activity so deviations from standard behavior patterns can be identified and dealt with quickly

Flowerday’s current behavioral cyber security research includes identifying people who are the most susceptible to phishing attacks based on their personality traits. He is also exploring how to identify the people who are most vulnerable to social media privacy violations based on their cognitive biases.

“The insights I’m gathering feed into a larger theme of employees’ security hygiene practices,” noted Flowerday. Within this sphere of organizational cyber security, Flowerday’s investigations address both the individual and corporate levels, including intentional and unintentional breaches whereby various threats exploit vulnerabilities in a system of internal controls and countermeasures. Developing this understanding is crucial, Flowerday believes, because “defenses must be planned carefully in order to align with human behavior, which is highly complex, as well as technological advances – all set within the context of organizations’ specific contexts and cultures.”