Usable Security Lessons from Covid: Why Johnny can’t secure small business

March 7th, 2022

Date: 28th October 2021, Thursday 3-4pm AEDT

Speaker: Professor Alana Maurushat, Professor of Cybersecurity and Behaviour, School of Social Sciences, Associate Dean International, School of Computers, Data and Math Sciences

Title: Usable Security Lessons from Covid: Why Johnny can’t secure small business.



Abstract: The rate and effects of the Covid virus were not the only thing to spread in 2020 and 2021; we also witnessed an exponential increase in cybersecurity incidents. During lockdown, industry, government and people had to improvise literally overnight, and continue to evolve and, in some instances, re-organise in order to deal with cybersecurity incidents. We accidentally ended up conducting research on cybersecurity and small business during Covid. Our accidental experiment motivated us to expand the work into something more formal. We examined the cybersecurity principles in NIST and the ASD8, mapped them with existing training materials online, and evaluated if a small business could read and watch the training materials, then implement just one recommendation from the NIST and ASD8. Not a single small business could implement or understand any of the materials enough to implement even one recommendation. Following the results, we started to explore in detail the existing literature, videos and other material dedicated to cybersecurity training for small business, NIST and ASD8. What did we find? That none of these materials or the principles are usable for small business. Moreover, many of the recommendations found in ASD8 and NIST are not affordable for small business. This presentation explores how we as a community can improve the usability of cybersecurity and privacy for small business.


Dr. Alana Maurushat is Professor of Cybersecurity and Behaviour at Western Sydney University and Director of the cyber incident response centre (WCACE), where she holds a joint position in the School of Computers, Data and Mathematical Sciences, and in the School of Social Sciences. She is currently researching payment diversion fraud and ransomware, cyber risk management, cognitive human centre cyber, neuro-morphic approaches to extreme edge computing, tracking money-laundering through bitcoin blenders, distributed extreme edge computing for micro-clustered satellites, and ethical hacking. She is the Cyber-Ambassador for the NSW Cybersecurity Node with AusCyber and sits as an expert reviewer in cybersecurity and big data with the Australian Research Council. She is Special Advisor for the cybercrime investigation company IFW Global, who investigate the people and organised syndicates behind cybercrime. She lectures and researches in Cybersecurity, Privacy and Security by Design, Cybercrime, Cyber Risk Management, and Artificial Intelligence across the disciplines of law, criminology, business, political science and information communications technology. Alana has done consultancy work on cyber security, cryptocurrency, online drug markets, open data, big data, technology and civil liberties for both the Australian and Canadian governments, industry and NGOs. Alana has done media with 60 Minutes, the New York Times, Wall Street Journal, Insight, ABC, and 730 Report, and is the author of many books and articles.