Arun Vishwanath, Ph.D., MBA
Arun Vishwanath studies the “people problem” of cybersecurity.
His research focuses on improving individual, organizational, and national resilience to cyber attacks by focusing on the weakest links in cyber security—Internet users.
His particular interest is in understanding why people fall prey to social engineering attacks that come in through email and social media, and on ways we can harness this understanding to secure cyberspace. He also examines how various groups—criminal syndicates, terrorist networks, hacktivists—utilize cyberspace to commit crimes, spread misinformation, recruit operatives, and radicalize others.
Dr. Vishwanath is an alumnus of the Berkman Klein Center at Harvard University. He was a tenured associate professor at the University at Buffalo and was faculty at Indiana University, Bloomington. He serves as the CTO of Avant Research Group (ARG)—a Buffalo, New York based cyber security research and advisory firm, where he consults for major corporations and government agencies on issues ranging from cybersecurity to consumer protection. He also serves as a distinguished expert for the NSA’s Science of Security & Privacy directorate.
Dr. Vishwanath’s research on improving cyber resilience against online social engineering has been funded by the National Science Foundation. He has published close to 50 articles on technology users and cybersecurity issues and his research has been presented to principals at national security and law enforcement agencies around the world. He has also presented his work at leading global security conferences, multiple times by invitation at the US Senate/SSA and House, as well as four consecutive times at BlackHat.
Dr. Vishwanath’s research marks many firsts that have shaped the scientific community’s understanding of cyber security:
(i) he was the first researcher to demonstrate the role of users’ cognitions, particularly how users cognitively processed information and their cyber risk beliefs, in making them susceptible to social engineering.
(ii) his work was the first to highlight the need for user responsibility, from developing cyber hygiene to safer cyber habits, for protecting organizations from social attacks.
(iii) his research also was the first to highlight the dangers of social media, from the use of fake profiles to the dissemination of deception, years before its impact was ever considered by anyone.
(iv) he was, likewise, the first to demonstrate the threats from mobile based social engineering attacks. While at the time many researchers ignored these ideas, the Verizon 2019 DBIR—for which he contributed a write-up—found unequivocal evidence in support of it.
Dr. Vishwanath also plays the role of a technologist, writing and highlighting, in the public interest, problems in cyber security and solutions for them. Many of his original ideas have led to new products, processes, and policies.
For instance, starting in December 2014, in CNN and other outlets, Dr. Vishwanath called for the creation of 911-type system for reporting cyber breaches. Today, organizations in the US and abroad are working to build such systems.
In February 2015, in another CNN opinion piece, he called for a 5-star rating system for new apps and technologies, similar to the 5-star rating system we use to test the crash protections of new cars. In 2019, Consumer Reports launched a system to do exactly this.
In November 2017, he called for an open source breach reporting portal, where breach information was stored and disseminated, so people and companies knew of what information about them was compromised. In 2018, Mozilla Corp. introduced the Firefox monitor that is built to do this.
In January 2018, he wrote about how AI would detrimentally affect the American middle class, displacing truck drivers, retail workers, even local news reporters–almost 2 years before presidential candidate Andrew Yang made it his campaign’s central issue.
Additionally, his research and views on the science of cybersecurity have also been featured on Wired Magazine, USA Today, Politico, CNN, the Washington Post, Scientific American, and hundreds of other national and international news outlets.
Below is a list of some of the influential articles he’s authored:
- on how ransomware attacks such as the Colonial Pipeline hack could have been stopped [CNN]
- on why weaponizing the Internet is a bad idea [Washington Post]
- on why smartphones are more vulnerable to social attacks [Verizon Data Breach Investigations Report, DBIR, 2019]
- on why so many people fall for fake social media profiles online [LA Times]
- on why spear phishing has become even more dangerous [CNN]
- on how AI will impact democracy [CNN]
- on how AI will replace truckers, retail workers, journalists–eventually, all of us [CNN]
- on how people can stay safe from ransomware [CNN]
- on what President-elect Trump must do to save the Internet [CNN]
- on how cyber breaches occur [CNN]
- on the people problem of cyber security [The Conversation]
- on the threats to our critical infrastructure from cyber attacks [CNN]
- on the threat from data exfiltration through attacks like the Sony Pictures attack [CNN]
- the problems with encryption in the FBI vs. Apple’s iPhone encryption debate [CNN]
- the rising tide of ransomware attacks [CNN]
- why cyber attacks keep coming and are likely to do so in the near future [CNN]
- how mobile app designs contribute to such attacks [CNN]
- why we need a virtual wall to protect cyber space and how we can build it [CNN]
- how people’s habits are responsible for many cyber attacks [The Conversation]
- how we must change people’s habits and build better cyber hygiene [World Economic Forum]
- on how we can blunt the phisher’s spear [Blackhat’16]
- on how “Spear-Phishing” Roiled the Presidential Campaign [Scientific American]
- on whether the new iPhone is designed for cyber safety [Newsweek]