Paderborn computer scientist is researching people-centred solutions for improved security technologies
“Strained to critical” is how the Federal Office for Information Security (BSI) described the IT security situation in Germany in its latest annual report. The threat situation is worsening due to new malware variants, cybercriminal extortion methods, and targeted attacks on fundamental areas such as medical care. Just last week, the BSI set the alert level to red following the discovery of a security vulnerability in connection with the widely used programming language Java. Modern IT security strategies are required. However, state-of-the-art technology alone will not be sufficient, explains Professor Patricia Arias-Cabarcos, who has held the Chair of IT Security at Paderborn University since October. This researcher is also focusing on the role of people in the digital world. Working at the Department of Computer Science, she investigates how the current state of cybersecurity could be improved by people-centred solutions. Arias-Cabarcos’s vision is for everyone to be given the ability to lead a secure digital life, without requiring advanced technical knowledge.
People – part of the problem or part of the solution?
“Our society is increasingly reliant on digital infrastructures and services. More and more, our lives are conducted online. This high level of networking increases the risks and the opportunities for attacks”, according to Arias-Cabarcos. Various preventative measures offer protection. However, “if security technologies are too complicated, people will not use them”, the IT security expert explains. Numerous threats have demonstrated the scope that cyber-attacks can have in a globally networked world. “Since we now have critical infrastructure that is connected to the internet, the impact and potential damage of attacks has increased. These can affect individuals, but also disrupt production in a factory or affect the workings of a hospital, which has a significant adverse effect on people’s lives, the economy and society as a whole”, the researcher emphasises.
To ensure that effective security technologies are actually put to use by the majority of users once they have been developed by experts, the research conducted by Paderborn’s computer scientists is focusing on both technical and human aspects. Arias-Cabarcos is working to develop user-friendly cybersecurity solutions that are easy to understand, easy to use and privacy-friendly. Her research is therefore built on a foundation of interdisciplinary collaboration and a combination of methodologies from the fields of computer science, human-computer interaction, psychology and sociology.
Coronavirus pandemic: a catalyst for digitalisation and cyber-attacks
The increasing dangers of being online demonstrate how important the topic of IT security is in today’s world. “The pandemic and the shift to online teaching and working from home has resulted in radical changes in many areas”, Arias-Cabarcos notes. Various areas of life moving online means more opportunities for cyber criminals: “Untrained users have had to deal with in what is in some cases poorly secured technology. In addition, the need to quickly pick up tools such as videoconferencing services or virtual private networks (VPNs) and the blurring of the lines between professional and private lives has significantly increased the number of cyber incidents – in particular those caused by malware, i.e. malicious software that performs unwanted and generally harmful functions on an IT system without the user noticing, and by phishing techniques to steal user data”, Arias-Cabarcos explains. She emphasises: “Every digitalisation project must make security a priority and incorporate organisational and people-related measures not just at the outset but also throughout the entire life cycle, as security is an ever-changing goal.”
Removing security vulnerabilities
Arias-Cabarcos would like to increase users’ awareness and enable them to easily control what information they want to share. She and her team are currently working on technologies to increase transparency. For example, visualisation tools will help us to understand why third parties collect our data in order to create a detailed profile about us while we use their applications and services. Arias-Cabarcos is also researching user-friendly authentication options. Working with various partners, she is examining areas such as how users could identify themselves with brain waves via handheld devices rather than using passwords in the future, or how smartphone password managers could be used and improved as a tool for daily use of online services.
“Although people are often viewed as the weakest link in the cybersecurity chain, in truth, any weak component – such as a poorly secured device or the lack of a security policy – can leave the door open for an attack. Effective measures should therefore include protection for all elements and should be adaptable so that they can react in the event of an attack”, Arias-Cabarcos explains.