Confusion Between Internet Security And Privacy May Have Implications Leaving Individuals And Organizations Vulnerable To Attacks; Cultural / Attitudinal Differences Contribute To Weaknesses
Development Of New Training Programs Recommended, According To Ualbany Study
Albany, NY - February 2, 2017 (Investorideas.com Newswire) It is not unusual for the most private people - those who eschew social media, and refrain from posting personal information - to use very basic (and therefore breachable) passwords to protect their personal information.
The causes for this contradiction, as well as possible solutions that could save individuals and organizations from being victims of stolen identities and data theft, can be found in the latest study from Dr. Sanjay Goel and doctoral candidate Ersin Dincelli, both of the University at Albany. The study, "Can Privacy and Security Be Friends? A Cultural Framework to Differentiate Security and Privacy Behaviors on Online Social Networks," shows that cultural values may be at the heart of many vulnerabilities. The findings, presented at the 50th Hawaii International Conference on System Sciences (HICSS) in January, also indicate that businesses and other organizations might do well to tailor security interventions, such as training, policies, and messages, to attitudinal specificities.
"Individuals who accept hierarchical control tend to disclose more information, particularly those who come from cultures where there is an additional level of control by government and employers," said Dr. Goel. "These people are more trusting of authority. Conversely, those from freer societies, who question government, are more protective of their privacy."
The study notes that online social networks (OSNs) have contributed to large amounts of data being collected about individuals, much of it voluntarily disclosed. Such disclosure puts both individuals and organizations at risk of security and privacy-related threats, such as attacks that involve ascribing identity (individual or organizational) to confidential information on OSNs through the use of re-identification algorithms; social engineering attacks, such as spear-phishing, where highly contextualized emails are created based on information that is available on users' OSN profiles; and malware attacks through malicious links on OSNs. Such threats need to be countered aggressively, by employee training, security policies and security reminders, to mitigate information security risks.
Here are the study's main conclusions:
- Online privacy and security behaviors are often used interchangeably, with little research devoted to explaining how, and to what extent, these two behaviors vary from one another.
- There are subtle differences between privacy and security behaviors that call for the terminologies to be used with caution, as they are inherently distinct, and are affected differently by cultural characteristics and other factors.
- The findings addressed one possible reason for inconsistent results of previous cross-cultural internet security research. Examining online behaviors based on national culture, or by categorizing individuals under broad cultural values, is simplistic, and can lead to potentially misleading results. To address this gap, individuals should be segmented per their characteristics, allowing for more accurate comparisons in cross-cultural research.
Dr. Goel believes the study sheds light on the need to design and implement interventions, such as contextualized security trainings, warnings, and policies aimed at motivating individuals with diverse cultural backgrounds to adopt better privacy and security behaviors. Also, even though users' privacy and security decisions are independent, disclosing information (weak privacy) can negatively influence their Internet security.
"We found distinct mechanisms underlying these two behaviors and identified predictors of each, which practitioners can target as key determinants when promoting better privacy and security behaviors," said Dr. Goel.
The data for the study was collected from 183 participants who were asked about their privacy and security habits of social media. These were people who were actively using Facebook and were from diverse backgrounds (Hispanic, Asian, Caucasian, and African-American) within the United States. The data was analyzed using the statistical technique of structured equation modeling to examine the causal relationships between privacy, security, and cultural values.
Dr. Sanjay Goel
Sanjay Goel, Ph.D. is a Professor in the School of Business at the University at Albany, SUNY (UAlbany) and Director of research at the NYS Center for Information Forensics and Assurance at the university. He has worked at General Electric Global Research on engineering optimization primarily related to aircraft engine and power turbines. His research group at the UAlbany is currently engaged in cybersecurity and cyber warfare-related projects including: investigation of computer security threats such as botnets and malware, risk analysis, security policy development and evaluation, security modeling, and development of self-organized complex systems. Dr. Goel's self-organized system research includes traffic light coordination, nano-bio computing, and security modeling. He currently leading an effort launched by IEEE Communications Society and the IEEE Standards Association to create a vision for the Smart Grid future 15 years ahead. Dr. Goel has published more than 50 articles in refereed journals and conference publications. He is a recognized international expert in information security and cyber warfare, and has given plenary talks at conferences throughout the world. He serves as the UAlbany representative of the Capital Region Cyber Crime Partnership, and is one of the key members of the international volunteer group Project Grey Goose, which investigates incidents of cyber warfare internationally.
About the University at Albany
Educationally and culturally, the University at Albany-SUNY puts the world within reach for its more than 17,300 students. A comprehensive public research university, UAlbany offers more than 120 undergraduate majors and minors and 125 master's, doctoral, and graduate certificate programs. UAlbany is a leader among all New York State colleges and universities in such diverse fields as atmospheric and environmental sciences, business, criminal justice, emergency preparedness, engineering and applied sciences, informatics, publicadministration, social welfare, and sociology taught by an extensive roster of faculty experts. It also offers expanded academic and research opportunities for students through an affiliation with Albany Law School. With a curriculum enhanced by 600 study-abroad opportunities, UAlbany launches great careers.
This news is published on the Investorideas.com Newswire - a global digital news source for investors and business leaders
Disclaimer/Disclosure: Investorideas.com is a digital publisher of third party sourced news, articles and equity research as well as creates original content, including video, interviews and articles. Original content created by investorideas is protected by copyright laws other than syndication rights. Our site does not make recommendations for purchases or sale of stocks, services or products. Nothing on our sites should be construed as an offer or solicitation to buy or sell products or securities. All investment involves risk and possible loss of investment. This site is currently compensated for news publication and distribution, social media and marketing, content creation and more. Contact each company directly regarding content and press release questions. Disclosure is posted for each compensated news release, content published /created if required but otherwise the news was not compensated for and was published for the sole interest of our readers and followers. More disclaimer info: http://www.investorideas.com/About/Disclaimer.asp
Additional info regarding BC Residents and global Investors: Effective September 15 2008 - all BC investors should review all OTC and Pink sheet listed companies for adherence in new disclosure filings and filing appropriate documents with Sedar. Read for more info: http://www.bcsc.bc.ca/release.aspx?id=6894. Global investors must adhere to regulations of each country.