“The reason we see cyber criminal behaviour online is the perception that nobody is in charge, because the reality is that nobody is in charge,” she told the IsacaCSX Europe 2017 conference in London.
The anonymity of the internet has led to disinhibition, while its global reach is enabling people to act globally by associating and collaborating online with like-minded people around the world.
“As a result, people are doing things online that they would not do in the real world, because the [cyber] environment has an impact on their behaviour,” said Aiken.
“But we need to solve problems like cyber bullying before we continue to develop the technologies that are likely to amplify the positives, but equally and oppositely accelerate the negatives,” she said.
Aiken believes this will exacerbate cyber criminal behaviour and all other forms of negative social behaviour because the more disinhibited people are, the less likely they are to fear consequences.
In the face of these challenges, she said there is a need to rethink how we are actually using the internet, and there should be no delay in conducting research to find ways to redress the problems, but most traditional academic research projects take at least five years to deliver actionable data.
Aiken, therefore, advocates what she terms “lightning” research to deliver insight quickly for an evidence-based approach to tackling a problem, which is the route she followed for an initiative by Europol to understand how and why young people are recruited as cyber criminals.
“All it took was a phone call to Paladin venture capital in the US – I sit on their advisory board – to secure the funding we needed to enable us to go straight into the research,” she told Computer Weekly.
“The research generated a report, which has now informed a pan-European campaign to educate children about the dangers of hacking online, to educate their teachers in terms of trying to actually spot what kids are doing and reach out to them, and to educate parents and authorities in terms of how they deal with the problem space,” she said.
The five-year traditional research process is not fit for purpose in an age of technology, according to Aiken. “By the time they have findings relevant to the problem – the behaviour has likely mutated and moved on.
“We need academic first responders who are prepared to nail their colours to the mast, to make informed assumptions about what is happening, to stop sitting metaphorically on the fence, and to step up to help solve these problems now,” she said.
Breaking down walls
Aiken advocates a “transdisciplinary” approach. “We need to break down the walls in terms of collectively coming together and looking at the problem.”
Asked about the role of information security professionals, Aiken said the problem was not a tech problem, and needs to be discussed and addressed by all “citizens of cyber space”.
“We have to stop looking at the problem in silos of education, cyber security, cyber criminology, and industry – we have to join the dots,” she told Computer Weekly.
“We have got to look at everything together, and out of that we get insight – and not just look at it from the myopic lens of one discipline – such as information security professionals.
“We need behavioural scientists, we need specialists in ethics and anthropology to look at evolutionary aspects of how our behaviour is struggling to change at the pace that technology is evolving,” said Aiken.
“I have pursued studies in cyber psychology and forensic cyber psychology, and fellowships in network science, cyber criminology, cyber psychology and information security technology because I wanted, as one person, to have a transdisciplinary approach.
“I wanted to try and see it through the lens of multiple disciplines simultaneously and then in addition to that, I wanted to take a developmental view,” she said.
On the topic of cyber criminal behaviour, Aiken said development aspects have to be factored in. “Hackers do not wake up one morning at 13 or 15 and decide to hack. There’s a developmental or evolutionary pathway into hacking behaviour.
“If we can understand that pathway, we could go a long way towards addressing the behaviour. And if we want to understand how cyber criminals operate, we have to start thinking like them and gaining that insight,” she said.
“But there has been very little research and innovation in terms of theories of criminology and criminality applied online to support the information security sector in terms of understanding this behaviour and developing technologies that can absolutely detect the behaviour, and hopefully in time predict behaviour.”
According to Aiken, the internet is not just infrastructure, but has a pervasive and profound effect on human behaviour.
“Until we wake up and realise that, we will continue to have problems with cyber criminal behaviour. But the good news is we still have time to do something about it if we step up and take ownership of cyber space.”
Cyber thought leadership
In closing, Aiken said there are solutions. “We need cyber thought leadership, we need recognise human factors in cyber security, we need to develop the insights to address the behaviour.
“We need to conceptualise cyber space as an environment, and then apply the full weight of our knowledge in terms of environmental psychology.
“We need fast and innovative research. We need to develop new theoretical models to address these behaviours, we need academic first responders to advise industry, and we need cooperation between academia, industry and law enforcement to help create a better cyber society.”