Security and Safety as a Behavior

Prominent approaches to online security and safety are mainly based on technical solutions that provide users with configuration management to set up their access controls and privacy settings. Cybercriminals often defeat cyber security by exploiting weaknesses in human behavior such as their culture, belief systems, and personality.

In Security and Safety as a Behavior (SubProject#4), (Qatar University (QU), HBKU College of Science and Engineering (CSE), Bournemouth University (BU)), we research a behavior-based approach to security and safety. We investigate hacking and social engineering techniques that are successful in the Arab world and propose socio-technical approaches to enhance resilience to manipulators online and encourage reporting. The solutions are based on the approaches of behavior rehearsal, simulation, and social norms.

We want to understand the use of manipulation techniques and their exploitation of the socio-cultural characteristics in Qatar. For example, initial results from one of our PhD students have shown that financial fraud uses family values and commitment in the Gulf area. We will then propose socio-technical approaches to increase attitudinal resilience to online safety and security threats. Furthermore, reporting online manipulation and threats can be challenging due to cultural values and norms. Through our ongoing communication with key informants in this area in Qatar, e.g. SafeSpace program in the Ministry of Communications and Information Technology (MCIT), it seemed that some fear of exposure and a lack of awareness of the privacy and confidentiality settings adopted by the official parties. Hence, we want to provide solutions to motivate people to report and ask for help when they encounter manipulators online.

1. To study techniques used by manipulators in security attacks and social engineering in the Arab world and measure susceptibility to them and reasons why victims refrain from reporting and speaking out.

2. To research, develop and test intervention techniques to build resilience to online manipulation used in security attacks and social engineering.

3. To research and test intervention techniques to encourage the reporting of online manipulation.