Tallinn University of Technology

Ongoing digitalisation processes in our societies are facing Cybercrime threats. Efforts to increase cybersecurity involve an increasing number of societal sectors, such as education, health, and countless examples of critical infrastructure. In addition to technical solutions in the field of software and hardware design, the professional expertise of qualified psychologists, behavioural scientists, and other social sciences is needed to integrate the human factor into the security systems utilising robust scientific foundations. It is humans who defend machines and networks against other humans trying to attack them. It is also humans that need to be made aware of the risks associated with their behaviour.


Who are we looking for?

Our summer school aims for psychology students who would like to become familiar with the fields of cybersecurity, computer science students with an interest in the behaviours of end-users, and students from other disciplines who are interested in both. No prior knowledge about IT or Cybersecurity is required. All you need to be able to participate in this summer school is an interest in human behaviour and behavioural aspects of cyber security.

What do you learn?

We are organising two summer schools on the topic of behavioural science and cybersecurity, one in Tallinn, Estonia 12th-16th June, and one in The Hague, The Netherlands, 3rd-7th July.

The summer school in Tallinn focuses on human factors in cybersecurity, including gaining an understanding of how individual and organisational factors influence cybersecurity behaviours. Participants will gain insights on psychological processes on topics such as social engineering, mis- and disinformation in social media, risk management and its fallacies and biases, awareness training, and cybersecurity culture. Participants will also participate in a cybersecurity table top exercise.

The summer school in The Hague focuses on designing behavioural change interventions for cybersecurity issues. In this summer school you learn the various ways in which we can change people’s behaviour for the better and you will learn a method to come up with a suitable intervention for a cybersecurity behaviour of your own choice! This can include questions such as: How can we persuade people to create stronger passwords? How do we get people to update their software to the latest version? Or how can we train people to recognise fake news in time?

Furthermore, both summer schools will provide you with basics and examples of how behavioural sciences can contribute to a better handling of security challenges and gives you the chance to meet likeminded students from across Europe to discuss and develop approaches to apply psychological principles for better cybersecurity performance. While doing this, you will also learn about the integration of various psychological sub-disciplines.

Why do we need psychology and the broader behavioural and social sciences for what seems to be a computer science topic?

According to the European Union Agency for Cybersecurity (ENISA), non-technical experts are needed in cybersecurity for several reasons:

  1. Human factors: Human errors, such as poor password management, can pose a significant risk to the security of an organisation. Behavioural and social scientists can help identify and mitigate these human factors by understanding how people interact with technology and identifying patterns of behaviour that could lead to security breaches.
  2. Social engineering: Cyber attackers often use social engineering tactics to trick individuals into divulging sensitive information or taking harmful actions. Psychologists can help organisations understand these tactics and develop strategies to mitigate them.
  3. Insider threats: Insider threats are a significant concern in cybersecurity. Psychologists and HR specialists can help organisations identify and address potential insider threats by understanding the motivations and behaviours of employees.
  4. Cybersecurity awareness training: Effective cybersecurity awareness training requires an understanding of how people learn and retain information. Behavioural scientists can help design and implement effective training programs that are tailored to the specific needs of the organisation and its employees.

Overall, the “non-techies” bring a unique perspective to cybersecurity by understanding human behaviour and how it relates to technology. By incorporating psychological expertise into cybersecurity strategies, organisations can better protect themselves from cyber threats.

Who are we?

We represent the EU-funded project “CySec4Psych”. We are trained psychologists with international backgrounds working and researching in the field of IT-Security. Our fields of interests range from further education on cyber awareness in complex organisations, cyber-enabled crime, up to performance in military cyber defence, the role of teams in socio-technical systems to the role of cybersecurity for political disinformation. We strongly believe in the need to get more non-technical people work in the field of cybersecurity, to strengthen the security of the world of tomorrow.
In this event, we are representing the four partner institutions of the project: Saarland University (Germany), Tallinn University of Technology (Estonia), Leiden University (Netherlands) and the Helmholtz Center for Information Security (CISPA; Germany).

What will it be like?

We will meet on-site for five days in either Estonia (TalTech) or The Netherlands (Leiden University). If you’re very keen, you can even sign up for both! We will provide you with our perspectives, you will work in international groups of students on solutions to common challenges through the use of psychology and broader behavioural science insights. In addition, you will get to explore the city you’re visiting, as well as make new friends that can last a lifetime!

When is it?

The dates for the two summer schools are as follows:

  1. SUMMER SCHOOL 1: Monday 12 June – Friday 16 June 2023, in Tallinn, Estonia. This on-site event will be hosted by Tallinn University of Technology (TalTech, Estonia). Contact: Dr Stefan Sütterlin (stefan.sutterlin@taltech.ee).
  2. SUMMER SCHOOL 2: Monday 3 July – Friday 7 July 2023 in The Hague, The Netherlands. This on-site event will be hosted by Leiden University (Netherlands). Contact: Dr Tommy van Steen (t.van.steen@fgga.leidenuniv.nl).

Read also the interview with one of the implementers of the project Prof Stefan Sütterlin here