Abstract
A major problem that both organizations and individuals very often face is the threat of cyber-attacks and their resulting impacts. Cyber-attacks are common occurrences in the modern day, causing disruptions in software and infrastructure, breaches of private data, and financial losses of millions of dollars. In addition to these, many nations conduct cyberwarfare to fulfill their political agendas and goals – China and Russia being the largest players – achieving goals such as obtaining sensitive government data or even swaying election results. My technical and STS research problems both attempt to address the frequency and success of these attacks, with my technical research focusing on addressing it through improved educational tools, while my STS research attempts to outline key factors behind phishing, a specific type of cyber-attack.
My technical research aimed to address the effectiveness and engagement of typical cybersecurity training programs, which are often dry and unengaging. To achieve this, I worked on a programming group project within the CS Capstone Practicum II course that focused on creating a website with an array of educational games to effectively teach cybersecurity principles in an engaging and unique manner. My team tried to build our solution to cybersecurity training engagement using gamification, the concept of implementing game elements and systems, such as a leaderboard, into learning material to increase engagement through these forms of incentives. To analyze the success of the implemented games, my team used a small number of beta testers and feedback from our course peers, finding that the leaderboard we added was highly effective as an incentive, and that the presentation of the various cybersecurity scenarios on our website was more engaging than previous traditional training experiences.
For my STS research paper, I attempted to identify key factors behind phishing attacks from a holistic perspective. Phishing is a type of cyber-attack that uses forged emails, messages, or calls to trick the victim into believing that it is from a legitimate organization, with the end goal of obtaining sensitive data from the victim. To achieve this, I conducted a literature review of existing academic research on phishing to determine specific patterns across various works under the framework of Taylor’s Ethics of Care. Using the literature, I determined three major factors of phishing: socioeconomic, psychological, and educational. Within these factors, some of the most important findings were that phishing is often a crime which attackers resort to due to economic disparities and lack of systematic support, as well as that individual traits such as gender or age do factor into both susceptibility and phishing education effectiveness, with these often being ignored in favor of technical solutions.
Regarding contributing to the solution for cyber-attacks, I think the success of my results was mixed. Although my technical project had received positive feedback from the beta testers and peers, the sample size was small, meaning that the resulting feedback could be biased, and one of the games was not finished when the beta testing occurred, lacking proper feedback regarding its effectiveness. On the other hand, I think that my STS paper was successful as it addressed aspects of phishing in a novel way, focusing on a holistic and human-centric approach through the view of care ethics, which I believe hasn’t been done before. These results from my STS paper can be further used to address the failures of care existing between the different stakeholders of phishing, providing the necessary support and resources for the attackers to avoid resorting to cybercrimes, and aid to the affected victims who are often ignored by organizations in favor of protecting their data. Building on the results of my two projects, future researchers should focus on addressing cyber-attacks in less technical manners, instead also accounting for the individuals playing a role in them, while also using the identified factors from my research to further improve existing training programs and cyber solutions.
First, I would like to thank my capstone group members, Spencer Cook, Andy Li, and Andy Wang, who massively contributed by aiding in the development and testing of our website, as well as writing our capstone paper. Second, I would also like to thank both my STS professor, Caitlin D. Wylie, and my Capstone Practicum professor, Mark Sherriff, for guiding me through both projects. Third, I would like to thank Kate Cramer and Brennen Muller for informally peer-reviewing my STS paper. Finally, I would also like to thank my family and my two cats, Boris and Bonya, for supporting me along the way as I worked on these projects.