In a globalised world, everyone is networked with everyone else. As great as the advantages of the World Wide Web may be, this close networking can just as easily be exploited. Especially nations that are not yet as technologically advanced, like Pakistan, are at increased risk of falling victim to cyber-attacks. More and more people in this populous country have access to the Internet, which makes the creation of a secure cyberspace a priority in this country.
The project „Rethinking Cybersecurity in Pakistan – Human factors‘ Essential Role“, in short ReCyP:HER, aims to create a comprehensive capacity building for the area of cybersecurity and especially to put the main focus on the psychological side of IT security. So far, technical solutions have dominated the topic of cyber security, but the psychological side of IT security is also increasingly being discussed. The human factor has so far been the weak point in digital security, because even the best technical defence system is of no use if the end user downloads a hacker’s malicious software with a wrong click.
In doing so, cybercriminals also pursue in part non-technical strategies, such as the so-called „social engineering“, to gain access to the data of potential victims or to install malware on their computers. For example, hackers contact their victims and pretend to be the IT-support-technicians of their own company. They explain to their victims that they absolutely have to change their password and, by means of psychological manipulation strategies, manage to make them reveal important access data to them.
In order to advance the development of cyber security with a special focus on the human component in solutions in Pakistan, the ReCyP:HER project has set itself the following goals:
Development of Cybersecurity Awareness Centers
Cybersecurity Awareness Centers will be set up at selected universities in Pakistan to create a space where a broad group, from interested citizens and students to IT experts, can be sensitized to the topic of digital security. Within this infrastructure, IT security is to be made tangible through real-life experiments, in order to create an awareness of its importance in the general population. It should be clarified how easily visitors‘ data can be accessed, for example, by creating individual personality profiles simply through the presence of their electronic devices. A further central idea of Cybersecurity Awareness is that training courses should take place here, which enable training in deeper areas of cybersecurity and at the same time integrate the practically usable knowledge of psychology.
A central point for initiating economic development in the field of cybersecurity is to create a closer connection between students of the selected partner universities and companies economically active in this field. Within the framework of offers and events dealing with the topic of digital security, an opportunity for exchange and contact is to be created for interested students as well as companies. Young students should not only be sensitized to the topic, but also have the opportunity to enter this branch of industry.
Highlighting the importance of the psychological side of IT security
So far, the intersection between psychology and cybersecurity is still a young area with great potential for growth. In addition to the technical solutions, the psychological side of human-machine interaction must also be considered in order to be able to create a holistic concept for cybersecurity. Since social psychological research in Pakistan does not have the same importance as in Western countries, especially in comparison to the natural sciences, one of the fundamental goals of this project is to clarify the relevance of psychology in the field of cybersecurity