Cybersecurity mythbusting: Book smart vs. street smart, Part 2
Why are doctors dumber than a dropout
What are highly intelligent, highly educated people doing that makes them nine times more vulnerable than a high school dropout to cybercrime?
Re: Cybercrime: Are doctors dumber than a dropout?
One theory was that the amount of time a cybercrime victim was active online played a role. However, our study showed that time online was not enough of a factor to be considered THE reason. Those active less than three hours online per week still showed a huge vulnerability to cybercriminals.
Cybercrime defined: Doctoral graduates In the dark
Even worse, the old stereotype of hackers being a lone gunman or '"WarGames/Broderick type" was seen from all levels of adults, including doctoral graduates. From the recent ESET cybersecurity study:
The stereotypical "movie villain" computer hacker is a pervasive image among adults:
63% think that cyber criminals are mainly individual computer hackers, while only 21% see organized crime as primarily responsible for cybercrime.
This finding of a "dark ages" mentality supports what other pros in the field have been saying: We are not winning the battle against cybercrime because our mindset is stuck in the 20th century.
Doctors without borders
Doctoral graduates appear to suffer from an overall failure of situational awareness required to recognize cybersecurity threats and take action. The failure to recognize that most cybercrime is perpetuated by organized crime elements affects every group except for one. Doctoral graduates who were not urban dwelling and in their 20s or 30s were just as blind to the realities of global cybercrime.
Not only are most people unaware of the link to organized crime, but our sharpest minds are nine times (9x) more likely to become victims of it.
Theory: Increased mobility weakening a learned community?
Could a more mobile lifestyle contribute towards these people becoming more vulnerable to cybercrime?
Examining doctoral data from the National Science Foundation and other sources brought the mobility theory to mind.
The past 10 years has seen Internet and Communication Technology (ITC), a long-time focus of the United Nations, bridge the long distance communication gap through email, Voice over IP (VoIP) and instant iessaging.
Could these newly developed conduits into developing countries play a role in doctoral graduates and other highly educated people becoming more vulnerable to cybercrime? After all, these aren't living down the block from Aunt Sally anymore. With the growing ICT infrastructure in place over the past five years, it is very realistic to expect data streams to connect us all more globally.
Now, looking at available data, it shows (fig 17) that 25% of US doctoral graduates are foreign born.
From the OECD report:
Doctorate holders are indeed a highly mobile population since a large share of them have lived abroad at the time of their education (prior or during doctoral studies) or afterwards during their professional life.
Mobility of doctorate holders is driven by a variety of reasons that can be academic, job related as well as family and personal.
A recent OECD report on the global competition of talent shows that 'mobility of human resources in science and technology has become a central aspect of globalization. Migration of talent now plays an important role in shaping skilled labor forces throughout the OECD area' (OECD, 2008c)."
Another unanswered question is whether 25% of all stateside doctoral graduates is a significant enough portion to skew the results. Further, could these victims be culturally influenced?
While there isn"t enough evidence to state this out of hand, according to the National Science Foundation and the OEDC, Asian-born doctoral graduates represent just over half of the total foreign number, outnumbering European-born nearly two to one.
Mobility to the United States, on the other hand, is dominated by doctorate holders of Asian origin, principally those of Chinese, Indian and South Korean origin. The share of Asian-born among total foreign doctoral graduates in the United States represented 51% in 2003 while that of European-born reached 27%. The presence of Asians is even more marked at the level of doctoral education, reaching two-thirds of foreign students.
Of these 25%, unfortunately, what is still unknown is how many are victims of cybercrime. We know that urban males in their 20s and 30s can define cybercrime, but that doesn"t make doctoral graduates in that category measurably any safer.
Behaviorally this would fit into the "trust circle" of human behavior: Calling Aunt Sally from your PC through VOIP instead of a costly voice-only circuit makes more economic sense. If you're at your PC already you may exchange some files back and forth, perhaps images of family and friends. Those files may be infected, therefore providing a vector for malware infection, and the "trust circle" element definitely leads to even the most educated people letting their guard down.
This would be good news – if the circumstances around the cybersecurity issue are merely distance and mobility related, it can be targeted through training.
How do we regain cybersecurity mindshare within our smartest minds?
A second survey would be required to determine whether foreign-born doctoral graduates are more or less susceptible to cybercrime and whether that breaks down evenly between all countries of origin.
The good news from this is that priorities in cybercrime education may start to appear, and statistics like this tend to grab the attention of the demographic most affected.
In our third and final part of the series we'll create a potential cybercrime victim profile and discuss methods for a CIO to approach user education with senior level academics. We'll also talk about the CIO gut check and basic criminology plays into the Book Smart victimization.
A special note on the subject of cultural heritage: Securing Our eCity was formed to help band other San Diego public and private organizations together in order to gain the upper hand on cybercrime. Finding patterns within groups of victims allows a stronger effort in targeting the educational and partnership opportunities. This data is being analyzed in the hopes that deterrence through education can be coordinated more rapidly. In no way should this be construed to signify or single out any group or groups of people any more than publishing research on heart disease showing predominance towards certain groups.