Interactive Behavioural Analytics for Cyber Security

Data61 is uncovering the fundamental drivers of human behaviour in cyber security by combining data analytics and cognitive psychology.  By focussing on the behavioural aspect of the problem-space, we seek to mitigate human-in-the-loop cyber-attacks by transforming people from the weakest link into an active line of defence.

The Challenge

Emerging research is increasingly showing that the vast majority of cyber security compromises arise from the exploitation of the vagaries of human behaviour.  Technical solutions cannot provide reliable protection when, for example, users use weak passwords, fail to update software and install browser patches, and respond to illegitimate emails.

Malign actors in the cyber domain understand the frailties of the human brain all too well, and are crafting exploits with ever increasing sophistication to exploit human vulnerabilities of perception, attention, motivation and cognitive biases.  The IBA cyber security team addresses this battlefront by understanding and therefore developing approaches and solutions to mitigating the human aspect of cyber-security.

Our Response

Building on the experience of the established IBA team and Data61’s Enterprise Analytics research group, we are an agile, cross-disciplinary unit uniquely positioned to tackle human behaviour and vulnerabilities in complex, dynamic digital environments. Our unique combination of expertise allows us to understand the ‘Why’ of human behaviour and develop mechanisms to mitigate vulnerabilities arising from ‘human-in-the-loop’ systems and ultimately nudge people towards the desired outcomes.

We collaborate with large financial institutions to characterise the core human behaviours leading to cyber security incidents, and identify staff education needs based on such parameters. Our approach is based on rigorous user testing which delivers validated actionable insights for our partner organisations.

Our multidisciplinary team draws upon Data61’s expertise in:

  • Cognitive Science to unpack the human factors such as cognitive variables, behaviours and biases.
  • Research rigour to quantify and qualify the problem space.
  • Big (and small) data analytics and machine learning to leverage both mass behavioural responses and individual differences.
  • Computer Science for technology innovation.
  • User Experience (UX) for solution design that focuses on the human factors.
  • Cyber security to understand the risk contexts and emerging threats that organisations face.

Our team also has a long track-history of publications and innovate research and product development in associated fields such as: cognitive load measurement, human-machine trust, recommender systems, personalisation, large scale analytics for industry.

Our Approach

By placing the human at the centre of the security problem-space we can address the core behaviours that lead to the vast majority of cyber incidents. Data61’s engagement strategy is collaborative and evidence based. We work closely with organisations and partners to elicit, measure, test, analyse, model, predict and design mitigations to these core cyber security issues.

Our approach involves testing user behaviours with both quantitative and qualitative methods to generate insights relating to the contexts, motivations, cognitive variables and domain relevant factors effecting the security environment. From these research-based approaches we deliver actionable insights and capabilities that organisations can use to empower their staff into an active line of defence against cyber security threats.

Working with Data61

The Data61 IBA Cyber Security team has proven methodologies that we deploy to provide value in collaboration with our clients to develop the right solution to their particular challenges.

Our engagement strategy enables is collaborative and evidence based, allowing clients to solve challenging problems, produce valuable new insights, and deploy customised solutions not available in the market today. Our approach employs a range of processing techniques ensuring data privacy, security and performance. We apply the highest standards of qualitative and quantitative research ensuring professional and efficient communications with client staff. At the end of a discovery journey, we help our clients develop the right cyber security solutions for their needs.