psychological distance in cyber decision making: information about the attackers
DESCRIPTION
Psychological Distance in Cyber Decision Making: Information about the Attackers. 52nd Edwards Bayesian Research Conference Fullerton, 15 February 2014 Jinshu Cui, Department of Psychology Heather Rosoff , Sol Price School of Public Policy Richard John, Department of Psychology - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/1.jpg)
Psychological Distance in Cyber Decision Making:
Information about the Attackers52nd Edwards Bayesian Research Conference
Fullerton, 15 February 2014
Jinshu Cui, Department of PsychologyHeather Rosoff, Sol Price School of Public PolicyRichard John, Department of PsychologyCREATE, University of Southern California
![Page 2: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/2.jpg)
• Human operators are often thought of as a major cause of security failures - “the weakest link in the chain” [Schneier 2008]
• It is difficult for human operators to take cyber threats seriously when few cause serious consequences at the individual level
• Critical to understand perception and behavioral response to cyber threats
Evaluation of Cyber Threats
Identity theft?
Financial fraud?
Computer crash?
![Page 3: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/3.jpg)
• Experience of a near miss significantly increased respondents’ endorsement of safer options, the effect was bigger under a gain frame than a loss frame.
• Experience of a hit significantly increased respondents’ endorsement of safer options relative to the near miss past experience.
• Experience of a false alarm significantly decreased respondents’ likelihood of endorsing safer response options, compared to the near miss past experience.
Rosoff, H., Cui, J., & John, R. S. (2013). Heuristics and biases in cyber security dilemmas. Environment Systems and Decisions, 33(4), 517-529.
Previous Research
![Page 4: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/4.jpg)
Real Crime vs. Cyber Crime
• Personally targeted• Instant consequences• Have information about the
offender, have interaction with the offender, concern about the offender
• Group targeted• Delayed consequences• Rarely have information about
the attacker, have no interaction with the attacker, ignore the attacker
Who? Why?
![Page 5: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/5.jpg)
• Construal level theory (CLT) – “distant” attacks will be viewed abstractly, and “proximal” attacks will be viewed concretely. (Trope & Liberman, 2003, 2010; Trope, Liberman, & Wakslak, 2007)
Motivation
Information about Attackers Attributes Psychological Distance Construal Level
attacker
identification
unknown most distant highest
group distant high
individual proximal low
physical identified individual most proximal lowest
attacker
motivations
unknown most distant highest
terrorism distant high
fame proximal low
money most proximal lowest
![Page 6: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/6.jpg)
• Attacker identification
o group or individual
o physical identified or not
• Attack tactics
o personal accounto database
Experiment 1 – Research Questions
![Page 7: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/7.jpg)
• Attacker Motivations
o money: purchase luxury itemso fame: increase his visibility and reputation within the
hacker communityo terrorism: provide financial support to a Middle Eastern
terrorist group
• Resolution Status
o resolvedo unresolved
Experiment 2 – Research Questions
![Page 8: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/8.jpg)
• Financial attack scenario
• 4 (attacker identification) x 2 (attack tactics) between-subjects design
• Manipulations– Attacker identification:
• unknown• group• individual • individual with picture
– Attack tactics: database vs. personal account
Experiment 1 - Design
![Page 9: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/9.jpg)
Official Bank Notification ___________________________________________________
August 2, 2013
Dear Valued Customer, We are writing to notify you that two days ago, there was an unauthorized attempt to withdraw all of your current funds. (personal account) As of now, we know an individual online hacker is responsible for the breach into your account. (individual attacker) The hacker acted alone in carrying out the attack.
We are working with law enforcement officials and regret any concern or inconvenience this incident may have caused you. We will keep you informed as we make progress in his capture. Kindest Regards,Your Bank
![Page 10: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/10.jpg)
Experiment 1 – Measures
• 10-item PANAS– 1 (not at all) to 5 (extremely)– 5-item negative affect: α = 0.94– 5-item positive affect: α = 0.84
• 4-item Risk Perception: – 0 to 10 / 0% to 100%– α = 0.83
• 8-item Behavioral Intention: – 1 (strongly disagree) to 5 (strongly agree)– 3-item stay with bank: α = 0.63– 3-item stay away from bank: α = 0.75
![Page 11: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/11.jpg)
• Recruited from Amazon Mechanical Turk• N = 239• $0.55 each• Median time to complete: 6 min• 43 % female• 50% 18-30 years old• 98.3% shop online, 92.9% bank online
Experiment 1 – Respondents
![Page 12: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/12.jpg)
Less negative affect associated with pictured individual attacker compared to individual attacker without a picture (p = .038)
low psychological distance would increase participants’ interest in subordinate and secondary aspects (Liviatan, Trope, and Liberman, 2008)
Experiment 1 – Negative Affect
individual individual with picture2
2.2
2.4
2.6
2.8
3
3.2
3.4
3.6
3.8 Mean Score of Negative Affect
database
personal
attacker identification
Mea
n N
egati
ve A
ffect
(1-5
)
attack tactics
![Page 13: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/13.jpg)
More positive affect was experienced if a personal account was attacked compared to a database (p = .024)
Experiment 1 – Positive Affect
database personal1
1.2
1.4
1.6
1.8
2
2.2
2.4 Mean Score of Positive Affect
group
individual
individual with picture
unknown
attacker identification
Mea
n Po
sitive
Affe
ct (1
-5)
attack tac-tics
![Page 14: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/14.jpg)
When database was attacked, respondents are more willing to count on the bank when the attacker was physically identified; with an individual account attacked, there is little difference. (p = 0.036)
Experiment 1 – Protective Behavior
database personal4
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8 Mean Score of Expectation on Bank
individualindividual with picture
attacker identification
Expe
ctati
on o
n Ba
nk (1
-5)
attack tactics
![Page 15: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/15.jpg)
Female respondents tended to experience more negative affect (p = .014), higher perceived risk (p = .022), and were more likely to support for government’s intervention for online protection (p = .021) (Hale, 1996)
Experiment 1 – Sex as a Moderator
![Page 16: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/16.jpg)
• Identity theft scenario• 4 (perpetrator’s motivation) x 3 (resolution status)
between-subjects design• Manipulations
– Perpetrator’s motivation: • fame• money • terrorism• unknown
– Resolution status: • resolved • unresolved• unknown
Experiment 2 - Design
![Page 17: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/17.jpg)
Scene 1: This morning in the mail you received a credit card statement in your name from a company with which you do not have an account. As you looked over the statement, you noticed several cash advances totaling $500. (PANAS)
Scene 2: One week following your receipt of the suspicious credit card statement, you receive the following voice mail:“Good morning, my name is Gabriel Dawson from the Identity Theft Unit of the Police Department. Our investigation into a cyber perpetrator has led us to believe your personal computer has been compromised. We believe this individual hacked into your computer and obtained access to your email account and the cache data of your online activities. In doing so, he was able to obtain your usernames, passwords, banking information, and other personal information. Our investigation thus far shows no evidence that can confirm the perpetrator's intent. (unknown motivation) I plan to be in touch in the coming weeks to report on the progress of our investigation. Please be vigilant in reporting to us any suspicious mail, email, or phone call. Thank you.“ (PANAS, risk perception, short-term behavior)
Experiment 2 – Scenes 1 and 2
![Page 18: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/18.jpg)
Scene 3: In the days following the call from the Identity Theft Unit, you notice an increase in suspicious activity. You are receiving more spam emails, junk mails and phone calls from solicitors. More notably is your receipt of a phone call from the Department of Motor Vehicles confirming the issuance of a new driver's license you did not order. You also receive a letter in the mail from the Internal Revenue Service inquiring about your filing of duplicate income tax returns, suggesting that fraudulent returns were submitted in your name. (PANAS)
Scene 4: Moving ahead to several weeks following the call from the Identity Theft Unit of the Police Department, you receive yet another credit card statement in the mail from a company with which you do not have an account. This statement has a $1,500 balance. (unresolved) It is clear that you are continuing to experience complications as a result of your identity theft and that you are still at risk. (PANAS, risk perception, long-term behavior)
Experiment 2 – Scenes 3 and 4
![Page 19: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/19.jpg)
• 10-item negative affect (from PANAS): – 1 (not at all) to 5 (extremely) – 8-item negative affect (4 time periods): α = 0.93, 0.92, 0.92, 0.94
• 8-item Risk Perception: – 1 (strongly disagree) to 6 (strongly agree)– 5-item risk perception (2 time periods): α = 0.81, 0.83
• 10-item short-term behavior: – check all that apply– Summed number of checked responses
• 12-item long-term behavior: – 1 (strongly disagree) to 6 (strongly agree)– 9-item long-term behavior: α = 0.86
Experiment 2 - Measures
![Page 20: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/20.jpg)
• Recruited from Amazon Mechanical Turk• N = 419• $0.75 each• Median time to complete: 7 min• 44 % Female• 50% 18-29 years old• 72% have at least one credit card, of which:
– 8% have had an account opened fraudulently in their name
– 6% pay for an identity theft protection service
Experiment 2 - Respondents
![Page 21: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/21.jpg)
Respondents experienced less negative affect when the identity theft case was resolved compared to unresolved or unknown
Experiment 2 – Negative Affect
resolved unknown unresolved1.5
2
2.5
3
3.5
4Mean Score of Negative Affect
(Scene 4)
fame
money
terrorism
unknown
resolution status
Neg
ative
Affe
ct (1
-5)
perpetrator's motivation
![Page 22: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/22.jpg)
Respondents perceived less risk of identity theft when the perpetrator was to fund terrorism compared to for money or fame
Participants in the low psychological distance condition reported higher risk perceptions (Chandran&Menon, 2004)
Experiment 2 – Risk Perception
fame money terrorism4.5
4.6
4.7
4.8
4.9
5
5.1
Mean Score of Risk Perception (scene 2)
resolution status
Risk
Per
cepti
on (1
-6)
![Page 23: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/23.jpg)
Respondents perceived less risk of identity theft when the situation was resolved compared to unresolved or unknown
Experiment 2 – Risk Perception
resolved unknown unresolved4
4.2
4.4
4.6
4.8
5
5.2
5.4
Mean Score of Risk Perception (scene 4)
money
terrorism
resolution status
Risk
Per
cepti
on (1
-6)
perpetrator's motivation
![Page 24: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/24.jpg)
Participants are more willing to pursue long-term behavior of online identity protection when the identity theft case was unresolved or unknown than if it was resolved.
Experiment 2 – Long Term Protective Behavior
resolved unknown unresolved2
2.5
3
3.5
4
4.5
Mean Score of Long-term Behavior(Scene 4)
money
terrorism
resolution status
Mea
n Lo
ng-te
rm B
ehav
ior (
1-6)
perpetrator's motivation
![Page 25: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/25.jpg)
Female participants tended to experience more negative affect, high perceived risk, were more likely to seek help (short-term behavior) and more likely to pursue online identity protection (long-term behavior)
Experiment 2 – Sex as a Moderating Variable
![Page 26: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/26.jpg)
Conclusions• Cyber attacker and attack characteristics influence
respondents’ affective responses, risk perceptions, and intended long term behavior
• Cyber Attacker Identification (Individual, Group, Individual with Picture, UK)
• Cyber Attack Tactics (Personal account vs. Database)• Cyber Attackers’ Motivations (Fame, Money, Terror, UK)• Resolution of Cyber Attack (Resolved, Unresolved, UK)
![Page 27: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/27.jpg)
Psychological Distance in Cyber Decision Making:
Information about the Attackers
52nd Edwards Bayesian Research ConferenceFullerton, 15 February 2014
Jinshu Cui, Department of PsychologyRichard John, Department of PsychologyHeather Rosoff, Sol Price School of Public PolicyCREATE, University of Southern California
![Page 28: Psychological Distance in Cyber Decision Making: Information about the Attackers](https://reader036.vdocuments.site/reader036/viewer/2022070500/5681687b550346895ddeeea4/html5/thumbnails/28.jpg)
Overview• Research Questions
– Do attacker identification (e.g., picture or not), attack tactics (i.e., personal account or database), motivations of the perpetrator (e.g., money, terrorism), or resolution of the event influence emotional, cognitive and behavioral responses?
• Experiment 1 – Financial Fraud: attacker identification, attack tactics
• Experiment 2 – Identity Theft: perpetrator’s motivation, resolution status