What happens when social psychology and cybersecurity join forces? We're about to find out.

Within the first few minutes of chatting with Aaron Kay, he tells me about a person close to him who fell prey to a cyber scam and lost money – a story that is as devastating as it is ubiquitous. Nowadays, everyone has a friend or loved one who has been hacked or defrauded online, myself included. The FBI puts a number to our collective anecdotes: a record 847,000 complaints of internet crime reported in 2021, with potential losses exceeding $6.9 billion.

‍

It’s no stretch to say that cybercrime has become one of the most pervasive and pressing societal issues we face today, which is exactly the type of thing that Kay gravitates towards as an academic researcher and social psychologist at Duke University.

‍

“In general, all of my research has been motivated by what I see as social problems,” Kay said. “When I see a problem that frustrates me, I get very interested in it from an academic perspective.”

‍

This has led Kay to examine a broad range of large-scale societal issues throughout his career: social justice, political extremism, organizational behaviors, and beyond. As he explains it, his approach is to try to understand widespread societal issues from a cognitive, social psychological level in order to inform interventions and solve problems at scale.

‍

Now, as an advisor to Nudge Security, Kay will apply this lens to the realm of cybersecurity, supporting our efforts to transform the human element of security. In this capacity, Kay will help guide Nudge Security to use scientifically-backed methodologies as we build technology solutions.

‍

He describes what drew him to the role –

‍

“Nudge Security is trying to solve a huge problem in cybersecurity, using psychology and social psychology embedded in technology,” Kay said. “When someone contacts me because they actually want to integrate psychology expertise into what they’re building, it makes me very excited about what the company is trying to do, especially if it's in the domain of fixing some sort of large social problem.”

‍

That social problem, as we described it in this blog post, is that cybercriminals have become masterful at exploiting our personal biases and vulnerabilities to launch attacks. AI-powered bots flood social media platforms with misinformation. Threat actors like Lapsus$ use phishing attacks and even bribe employees to breach major organizations like Microsoft, Okta, and T-Mobile.

‍

It’s clear that traditional security measures are not enough to protect against these types of threats. To truly secure our digital world, we need to truly understand how people think and behave, so that we can design better security systems that help guide people towards better security decision-making and online behaviors.

‍

As Russell Spitler, co-founder and CEO of Nudge Security puts it, “the last thing organizational security leaders need is yet another security vendor making promises to solve a cybersecurity problem with some magical technology or an unscalable process.” He continues, “Especially as it relates to employees’ security behaviors, we have far too many ‘solutions’ in the market that, in reality, lead to completely counterproductive outcomes like cybersecurity fatigue and resistance.  Solutions to this problem must start with a foundation in scientific research.”

‍

“We are thrilled to have Aaron Kay, a preeminent scholar in the fields of social psychology and organizational behavior, as an advisor to Nudge Security,” said Spitler, “With Aaron’s leadership, we will take advantage of decades of leading-edge research and best practices from these fields to tackle one of the most pressing challenges in cybersecurity and society at large.”

‍

Aaron joins a roster of advisors announced last month as part of our seed funding announcement with Ballistic Ventures. He joins advisors Kunal Anand of Imperva, Prevoty and Nicole Perlroth, New York Times cybersecurity journalist, best-selling author, and advisor to CISA.

‍

We recognize that creating transformational change in cybersecurity will require a wealth of diverse perspectives and expertise from within and external to the industry. That’s exactly what we aim to assemble through our team advisors, funders, employees, and early access development partners.