Diversity & Inclusion: the cyber protection of vulnerable groups

(By Horace Danilo Russo)
23/06/21

In the assessment of cyber risk, a large share of the vulnerabilities considered is based on evidence and studies of a victimological nature. In fact, in mitigating the risks inherent in IT security and cyber protection, organizations and authorities, in addition to weighing the possibility of electronic, physical and environmental dysfunctions, also have to consider the weaknesses that - inevitably - the human factor introduces into any information system.

In this sense, evaluating the impact of the human component involves considering three aspects: the digital divide, that is, the generalized lack of computer skills among the population; the internal threat, that is, the criminological evidence of unfaithful or uncooperative employees; and digital fragility, i.e. the reality of people with psycho-physical conditions of weakness - age, health, cognitive abilities - which do not allow equivalent access to technology.

I will not dwell on the first two aspects here. I only mention that on the "digital divide" - to be mitigated by investing in structured digital literacy programs - our country has set itself the strategic goal of bridging the IT skills gap by 2026, making at least 70% of the population digitally capable by that date. On the subject of the unreliability of personnel, on the other hand, experience recommends the implementation of insider threat prevention & response, typically based on intelligence approaches and resources.

The third consideration, on the other hand, relates to the asymmetric threat brought by cyber-criminals towards three specific groups of the population: the elderly, generally lacking in computer skills and suffering from geriatric problems that reduce cognitive performance and increase memorization difficulties; children, naturally limited in understanding abstract concepts, with understandable problems in reading texts and limited cognitive skills and body control (for example in handling the mouse); the disabled, with visual impairment, color blindness or with cognitive or motor disabilities.

For each of the categories identified, there are sector studies which, starting from the physiologies and pathologies that constitute impediments or slowdowns, suggest the most useful assistive or immersive solutions to break down the related access barriers.

On the technology front, for example, a study that appeared in the Journal of Computer Science examined a sample of elderly people, one of children aged 3 to 8 and a group of disabled people. By subjecting them to interviews aimed at identifying the difficulties in interacting with software, the analysis was able to identify the programmatic lines of development of new user interfaces that ensure greater accessibility and inclusion and, therefore - I add - greater network security. For example, it emerged that seniors could better master technology if computer terminology was limited and the clutter of information on screens was reduced; children could interact better with the software if the information complexity was reduced and the texts were eliminated, replacing them with drawings and photos; and finally the disabled could better relate to electronic devices thanks to the use of text recognition and speech synthesis solutions, or even the translation into Braille of the text that appears on the screen.

Other studies, more focused on user interface techniques, have made it possible to hypothesize the use of techniques already known in the military and medical-surgical fields, such as augmented reality - technology that allows the enrichment of human perception - or virtual reality methods, which allow the digital simulation of reality.

On the side of those providing assistance, instead - typically caregivers and families - some suggestions of a socio-cultural nature were highlighted. For example, specifically for young children, a study by the National Institute of Standards and Technology that probed the knowledge and practices of a sample of school-age children is of particular interest. The results revealed that the children examined - generally used to logging in on school or home computers and therefore already in possession of good digital hygiene skills - nevertheless showed unclear ideas about the function of the password, confusing the concept of authentication with that of protecting access credentials (password security), as well as the right to privacy (privacy) with the right to online browsing safety (safety). Most schoolchildren, for example, stated that the password "is important because it saves our lives": this has given researchers the belief that an educational approach based on fear is in place which - by creating inaccurate mental models - would compromise the long-term development in adulthood of adequate cyber self-protection skills. On the contrary, other studies on the subject of "human-centered security" have ascertained how much more effective training approaches based on creativity and trust are in the long term, rather than those based on fear of dire consequences.

In short, the scientific community has quite clear ideas about the technical, pedagogical and organizational solutions necessary to make the online defense of digitally fragile people more robust.

The problem, however, is that in practice the needs of the population group in question are not yet taken into account: the web and the software for computers, tablets and smartphones are developed to enhance their general usability, understood as the ability to maximize the satisfaction, effectiveness and efficiency of the average user experience. On the other hand, the cyber security of those who are weaker on the network must leverage two other characteristics that can be obtained at the expense of general usability, namely: accessibility, understood as the possibility for a disabled person to be able, in any case and in an equivalent way, to perceive, understand, navigate and interact with applications, as well as to contribute (through them) in a fair and barrier-free way; and inclusiveness, which can be defined as the ability of computer programs to ensure the maximum possible involvement for anyone.

In short, the solution to the problem passes through socio-economic and cultural approaches that ensure a correct balance between usability, accessibility and inclusiveness of technology.

It is not just a problem of social equity. It is a strategic safety factor: the possibility that users with digital fragility - in this respect, the weakest link in the chain - are in a position to defend themselves online, as well as to recognize and report incidents, dangers and concerns, guarantees a safer cyber domain for everyone! 

To learn more:

https://www.helpage.it/?s=anziani+divario+digitale 
https://innovazione.gov.it/notizie/articoli/competenze-digitali/ 
https://www.w3.org/WAI/fundamentals/accessibility-usability-inclusion/ 
https://csrc.nist.gov/publications/detail/conference-paper/2019/02/24/ex...
https://www.researchgate.net/publication/277589616_A_review_on_user_inte... 
https://www.wsj.com/articles/why-companies-should-stop-scaring-employees...
