New research and industry collaboration to improve usability of cyber security tools
Cyberattacks are multi-dimensional, but cybersecurity software lacks the ability to represent threats. A new research and industry collaboration headed up on the ITU side by Associate Professor of Digital Design at the IT University, Daniel Cermak-Sassenrath, sets out to make cybersecurity tools more accessible and usable.
Daniel Cermak-SassenrathCollaborationsDigital Design DepartmentResearchcybercrimedesigngrantssoftware
Written 6 February, 2023 12:01 by Theis Duelund Jensen
In cyberattacks, the speed of countermeasures is essential in minimizing the negative impact on organizations. The problem with today’s digital security technology is not a lack of computing power, it is the meaningful application by users. Users are flooded with data and features. In a real-world example, a medium-sized Danish company receives 12 000 cybersecurity alerts every month with a single user to handle them all. The users must make competent and appropriate decisions in real-time, in situations where incorrect decisions can have severe consequences.
A new research collaboration between Associate Professor of Digital Design at ITU, Daniel Cermak-Sassenrath and the cybersecurity companies Seculyze and VENZO Cyber Security aims to make cybersecurity software more accessible to users. The end goal is to improve the efficiency of cybersecurity threat analysis by designing a user-friendly interface in software developed by Seculyze. The software is tested by VENZO Cyber Security analysts analyzing threats for their customers. The three partners will design, develop, and test the product in concert with end-users. The project is funded by DigitalLead, Denmark's cluster organization for digital technologies.
“Research shows that software applications that offer a better user experience often outperform applications with more functionality,” says Daniel Cermak-Sassenrath who is affiliated with the Centre for Digital Play at ITU. The project identifies and investigates approaches to let cyber-defenders work in multiple dimensions in the same way as cyberattackers do.
“In cybersecurity software tools, alerts for cyber-defenders are conventionally shown in (one-dimensonal) lists. But cyberattackers act in multiple dimensions. They often employ several attack vectors and sometimes, the combination of several information sources provides the opening for an attack. We need defenders to think and act in the same way to ensure better and faster countermeasures,” says Alex Steninge Jacobsen, CEO of Seculyze.
The project addresses the challenge of designing and developing effective, accessible, and engaging visual representations in a particular high-tech application in the context of cybersecurity. Visual representations translate the technically available data to align with users' tasks, skills, contexts, and priorities. Ultimately, the project therefore aims to empower users to make better informed decisions leading to a lower number of security breaches in cyberattacks and reducing the associated impacts and costs for companies and society.
“Basically, I believe that accessibility and usability is a general problem in media and technology. We have a good handle on the technology, the computing power, the interesting question for me has always been what to do with it. With the increased computing power that problem is now becoming a societal, political, and probably also a philosophical problem. With this project, we hope to tackle the problem in a cybersecurity context,” says Daniel Cermak-Sassenrath.
{Box}
Theis Duelund Jensen, Press Officer, tel: 2555 0447, email: thej@itu.dk