Renowned Expert in Cybersecurity, Deception, and Human Behavior

Arun Vishwanath is a distinguished scholar and practitioner at the forefront of addressing cybersecurity’s “people problem.”

With a dynamic blend of expertise in cognitive-behavioral science and cybersecurity, he delves into how human vulnerabilities can be the linchpin in safeguarding or compromising cyber resilience.

An internationally recognized figure, Dr. Vishwanath has made over 250 media appearances globally, discussing how cybercriminals, terrorist groups, and radical activists exploit digital spaces to perpetrate crimes, disseminate false information, and influence or recruit individuals. His commentary has featured in leading outlets such as Wired Magazine, Politico, CNN, and the Washington Post, bringing vital security issues to the forefront of public discourse.

He is also the author of the highly acclaimed book “The Weakest Link,” published by MIT Press, which has been recognized as a seminal work in understanding the human factors in cybersecurity and has become a bestseller in the field.

Through his research and applied work, Dr. Vishwanath aims to not only advance theoretical frameworks but also to pioneer actionable strategies that enhance cybersecurity practices across various sectors.

A former fellow at Harvard University’s Berkman Klein Center, Dr. Vishwanath has consistently led the field in understanding and improving how individuals, organizations, and nations can better defend against cyber threats. As the Founder of the Cyber Hygiene Academy and a distinguished expert for the NSA’s Science of Security & Privacy directorate, his contributions to cybersecurity are both foundational and transformative. He also serves as the CTO of Avant Research Group, LLC, a consulting firm that specializes in advising major corporations and government agencies on a wide range of cybersecurity challenges, from strategic threat assessments to the implementation of effective cyber defenses.

The 7th Annual 930Gov Conference, hosted by the Digital Government Institute, Tuesday, August 20, 2019 at the Walter E. Washington Convention Center, Washington, DC. (Photo by Max Taylor)

Dr. Vishwanath’s research, funded by the National Science Foundation, has led to nearly 50 publications on technology users and cybersecurity issues. His findings have been presented to key figures at national security and law enforcement agencies globally. Additionally, he has been a featured speaker at leading global security conferences, including multiple invited presentations at the US Senate/SSA and House, and four consecutive appearances at BlackHat.

Dr. Vishwanath’s research marks many firsts that have shaped the scientific community’s understanding of cyber security:

(i) he  was the first researcher to demonstrate the role of users’ cognitions, particularly how users cognitively processed information and their cyber risk beliefs, in making them susceptible to social engineering.

(ii) his work was the first to highlight the need for user responsibility, from developing cyber hygiene to safer cyber habits, for protecting organizations from social attacks.  

(iii) his research also was the first to highlight the dangers of social media, from the use of fake profiles to the dissemination of deception,  years before its impact was ever considered by anyone. 

(iv) he was, likewise, the first to demonstrate the threats from mobile based social engineering attacks. While at the time many researchers ignored these ideas, the Verizon 2019 DBIR—for which he contributed a write-up—found unequivocal evidence in support of it.

Keynote at the 2019 ACCOP conference organized by the Home Team Psychological Services, Ministry of Home Affairs, Singapore.

Dr. Vishwanath also plays the role of a technologist, writing and highlighting, in the public interest, problems in cyber security and solutions for them. Many of his original ideas have led to new products, processes, and policies.

For instance, starting in December 2014, in CNN and other outlets, Dr. Vishwanath called for the creation of 911-type system for reporting cyber breaches. Today, organizations in the US and abroad are working to build such systems.

In February 2015, in another CNN opinion piece, he called for a 5-star rating system for new apps and technologies,  similar to the 5-star rating system we use to test the crash protections of new cars.  In 2019, Consumer Reports launched a system to do exactly this.

In November 2017,  he called for an open source breach reporting portal, where breach information was stored and disseminated, so people and companies knew of what information about them was compromised. In 2018, Mozilla Corp. introduced the Firefox monitor that is built to do this.

In January 2018, he wrote about how AI would detrimentally affect the American middle class, displacing truck drivers, retail workers, even local news  reporters–almost 2 years before presidential candidate Andrew Yang made it his campaign’s central issue.

 

 

Additionally, his research and views on the science of cybersecurity have also been featured on Wired Magazine, USA Today, Politico, CNN, the Washington Post,  Scientific American, and hundreds of other national and international news outlets.

 

 

Below is a list of some of the influential articles he’s authored:

  • on how ransomware attacks such as the Colonial Pipeline hack could have been stopped [CNN]
  • on why weaponizing the Internet is a bad idea [Washington Post]
  • on why smartphones are more vulnerable to social attacks [Verizon Data Breach Investigations Report, DBIR, 2019]
  • on why so many people fall for fake social media profiles online [LA Times]
  • on why spear phishing has become even more dangerous [CNN]
  • on how AI will impact democracy [CNN]
  • on how AI will replace truckers, retail workers, journalists–eventually, all of us [CNN]
  • on how people can stay safe from ransomware [CNN]
  • on what President-elect Trump must do to save the Internet [CNN]
  • on how cyber breaches occur [CNN]
  • on the people problem of cyber security [The Conversation]
  • on the threats to our critical infrastructure from cyber attacks [CNN]
  • on the threat from data exfiltration through attacks like the Sony Pictures attack [CNN]
  • the problems with encryption in the FBI vs. Apple’s iPhone encryption debate  [CNN]
  • the rising tide of ransomware attacks [CNN]
  • why cyber attacks keep coming and are likely to do so in the near future [CNN]
  • how mobile app designs contribute to such attacks [CNN]
  • why we need a virtual wall to protect cyber space and how we can build it [CNN]
  • how people’s habits are responsible for many cyber attacks [The Conversation]
  • how we must change people’s habits and build better cyber hygiene [World Economic Forum]
  • on how we can blunt the phisher’s spear [Blackhat’16]
  • on how “Spear-Phishing” Roiled the Presidential Campaign [Scientific American]
  • on whether the new iPhone is designed for cyber safety [Newsweek]

*A comprehensive list of articles can be found here.