In 2015, the FBI's Internet Crime Complaints Center received a staggering 288,012 complaints of cybercrimes (FBI, 2015). These were not just numbers but real people and businesses affected. About 40% of the reported cyber-attacks resulted in immediate monetary loss, with individuals losing an average of $8421 and companies a staggering $17 million per cyber-attack. This is a serious issue that demands our immediate attention. Across the last five years, complaints have been roughly stable at about 300,000 per year (FBI, 2018). Typically, hackers often depend on a combination of technological and human vulnerabilities (Mitnick & Simon, 2002). We can reduce these vulnerabilities by improving user cyber hygiene and awareness.

Cybersecurity breaches are highly publicized, so most end users know they are at risk but do not know how to follow security professional recommendations. They often lack the understanding of the necessary cybersecurity actions, and this can lead to inappropriate behaviors. We surveyed users' knowledge of cyber hygiene (Cain, Edwards, & Still, 2018; Notebook Podcast). For instance, users report the following about their passwords:

* 85% used personal information
* 46% used dictionary words
* 50% used the same password for multiple accounts
* 59% do not change their password
* 95% share their password with others

Rapidly Expanding Domain:

We have been busy attempting to keep pace with the always-evolving landscape of cybersecurity threats. We explored the usage of two-factor authentication (Still & Tiller, 2021). Drivers' understanding of AI in automated driving is affected when they encounter a malicious stop sign (Garcia et al., 2022). We even briefly examined the use of QR codes across our campus (Still, Morris, & Edwards, 2024).

Recently, we have taken a deep dive into the rapidly growing SMS-based phishing attack vector. A survey of end-user behavior of SMiShing captured current end-user behavior, experience, and knowledge (Edwards et al., 2023; Edwards, Morris, Chen, & Still, under review; Edwards & Still, under review). And, we captured their deployment of attention while viewing malicious text messages (Katsarakes, Edwards, & Still, 2024; Edwards & Still, under review). Future work will explore the use of timely interventions to encourage safer behavior.

Considering Readability:

We are attempting to bridge the communication gap in cyber hygiene training material. This effort is being funded by the Commonwealth Cyber Initiative (CCI). Many everyday tasks rely on digital services. Therefore, everyone needs to consider their cyber hygiene and awareness. Users without appropriate training are more likely to become victims. Cybersecurity awareness training is not available to those with reading comprehension challenges. We aim to design out the digital literacy gap and reading comprehension challenges. This work is particularly relevant in Virginia, where 20% of adults have low literacy, and many lack knowledge of cyber hygiene.

Improving Cyber Awareness Training:

We must keep end-users in the loop to maintain secure systems. A systematic approach is needed to identify the root causes of human deficiencies within complex systems (Cranor, 2008). Future work will focus on training/policy communication and knowledge retention/transfer within the human-in-the-loop security framework. We aim to help users across the gulf of execution (Norman, 1988). A user might want to close a port but get lost in the interface. One of our recent pilot studies shows that the existing security training videos approach to training is ineffective (Katsarakes, Morris, & Still, 2024).

Improving Cyber Hygiene with AI:

Users' ability to recognize, comprehend, and anticipate the outcomes of cybersecurity threats is known as cyber situation awareness (CSA). Novice users not only demonstrate poor CSA, but poor understanding of how to respond to cyber threats. Current technology fails to connect users' cybersecurity behaviors to their threat vulnerability. We proposed a possible AI design solution that makes this connection more transparent - Cyber Hygiene Intelligence and Performance (CHIP) prototype (Mator & Still, 2021). Our solution provides users with actionable AI suggestions through concise and situated notifications.