About the Evidence-Based Cybersecurity Research Group

Cyber-dependent crimes have become a major concern for governmental, commercial, and financial institutions around the globe, as well as for private individuals who use computer technology and the Internet for leisure, shopping, and work. Extensive research has examined and proposed ways to prevent the development of cyber-dependent crimes. However, it is still unclear whether commonly used interventions can prevent online offenders from engaging in crimes like hacking, spreading malware, and launching Distributed Denial of Service attacks. Our research group seeks to produce empirical evidence and provide systematic reviews of existing empirical research regarding the potential effect of existing cyber-security policies and tools in preventing the development and progression of cyber crimes.

The prevalence of cyber-dependent crimes (i.e illegal activities that can only be performed using a computer, computer networks or other forms of information communication technology) has significantly increased during the last decade in the USA and around the world. However, although cybersecurity efforts have increased substantially, very little attention has been focused on identifying potential comprehensive human-based interventions within the local ecology in which these crimes develop and persist.

An evidence-based cybersecurity approach provides an ideal framework for conceptualizing an interdisciplinary problem like cyber-dependent crime because it stresses moving beyond decision makers’ political, financial, social backgrounds and personal experiences to a model in which policy decisions are made based on scientific research findings. Moreover, this approach draws on the assumption that solutions to human behaviors may be affected by the interconnected behavior of victims, offenders and law enforcement agencies operating within the cyber realm, and that the effectiveness of the different interventions in achieving its goals should be assessed through rigorous scientific research methods.

The evidence-based cybersecurity approach encourages its followers to think of the situational environments that provide the structural resources and social opportunities for cyber-dependent crimes to emerge. As a result, advocates of this approach suggest that effective protection of computer environments should be the product of empirically proven “nudges” that push legitimate users of the environment to comply with organizational cybersecurity polices, while driving illegitimate users of the system to behave in predicable ways on an attacked system.