Digitalization has reached every corner of our lives and enables us to be connected to family and friends as well as work from home. While there are countless positive aspects of these developments, it necessary to realize that an increasing digitalization also brings along numerous ways of being exploited. Citizens, enterprises and even governments are potential targets of cyberattacks, damaging IT systems and stealing personal information and secret documents. A report of the European Parliament states that the current worldwide costs of cybercrime attacks can be estimated at approx. 530 billion euros. And the trend is clearly going upwards.

It is clear that there is a need to counter these attacks and protect citizens and companies. Although for a long time technological solutions were at the center of cybersecurity debates, lately there has been an increasing realization that an emphasis needs to be put on psychological factors of users for IT security as a whole to work. Take the example of cybercriminals who pursue non-technical strategies, such as „social engineering“, to gain access to data of potential victims or to install malware on their computers. Hackers might contact their victims through means of psychological manipulation strategies manage to make them reveal their password for a service. A complex algorithm to encrypt such a password cannot protect users who reveal a critical piece of information that enables attackers to get access to their most sensitive data.

The psychological component and human factors of cybersecurity are at the center of debates in developed countries now, as they struggle in fighting these attacks, yet there is a clear need to build up defense systems in developing countries where more and more people are getting access to the internet is even more important. Developing nations, such as Pakistan, suffer major IT security breaches regularly and are confronted with an enormous challenges on making their systems secure as well as ensure the cyber safety of their citizens and organizations.

And this is where the capacity-building project „Rethinking Cybersecurity in Pakistan – Human factors‘ Essential Role“ (RECYPHER), aims to uplift and build capacity in the area of cybersecurity in Pakistan with a particular focus on human factors. In order to achieve this goal, the RECYPHER project has set the following goals:

Development of Cybersecurity Awareness Centers

Cybersecurity Awareness Centers will be set up at selected universities in Pakistan to create a space where a broad group, from interested citizens and students to IT experts, can be sensitized to the topic of IT security. In these centers IT security and its challenges are experienced in real-life experiments and simulations, in order to create an awareness of its importance amongst citizens. It should be clarified how easily visitors‘ data can be accessed, for example, by creating individual personality profiles simply through the presence of their electronic devices. A further central idea of Cybersecurity Awareness Centers is that training courses should take place here, which enable training in specialized areas of cybersecurity and at the same time integrate the applied knowledge of psychology.

Building networks

A focal aspect for initiating economic development in the field of cybersecurity is to create a closer connection between students of the selected partner universities and companies active in this field. Within the framework of offers and events dealing with the topic of IT security, an opportunity for exchange and contact is to be created for interested students as well as companies. Young students should not only be sensitized to the topic, but also have the opportunity to enter this branch of industry.

Highlighting the importance of the psychological side of IT security

So far, linking psychology with cybersecurity is still a young area, even in developing countries, yet there is great potential for growth. In addition to the technological solutions, the psychological side of human-machine interaction must also be considered in order to be able to create a holistic concept for cybersecurity. As research in the social sciences in Pakistan does not have the prominence it deserves, especially in comparison to science subjects, one of the fundamental goals of this project is to boost the relevance of psychology in general and specially in the field of cybersecurity