The value of psychology and cognitive science in Cybersecurity

Share this post:

Author: Fiona Byrnes, AP Managed Security Services Delivery Executive, IBM Security

Fiona Byrnes, AP Managed Security Services Delivery ExecutiveWho is today’s cybercriminal? What new data can be commoditised or code weaponised for disruption? These are common security intelligence questions asked in our client conversations.

While these questions are about the preventative tools, testing, analytics, and security methodology, they also have underlining psychology. As a behavioural science graduate, I believe both cybersecurity and psychology are complementary. While the former deals with the mathematical aspect of when, where and how; the latter deals with the logical aspect of why and what.

Logical methods for blocking and mitigating attacks

The cross-over of these two disciplines helps to enhance our understanding of cyber threats and what’s in it for the cybercriminal. By using tabletop exercises, drills and use case libraries and AI, we alleviate some of the effort and stress for analysts. This also frees our analysts up to think laterally, using prefrontal cortex, to focus on logical methods for blocking and mitigating attacks.

The psychology of the cyber adversary also helps us reduce the payload and notoriety for them. By avoiding ‘cool’ references for malware or attack methods (i.e. renaming all malware to a generic reference – malware2020-1), we stem operant behaviour. Active threat hunting using the MITRE ATT&CK framework allows us to apply known methodologies, correlate quickly, and take the fun out of disruption, particularly for unsophisticated hackers.

A stepping-stone to cybersecurity

I recently addressed a group of STEM students at a University and was fascinated to see many young girls drawn towards Psychology. The Professors at the University were equally excited about how the concept of left vs right brain and the value of Counter-Terrorism and Criminology can be used as a stepping-stone to entering into a Cybersecurity career. It’s important that young minds are opened to these concepts because their learning can be leveraged across many fields in security.

My future lectures and working with students will continue to introduce this subject and present to them an opportunity to foresee an exciting career in cybersecurity.

More Security stories

How IBM is helping to skill South Australian students for the jobs of the future

By Jade Moffat Herman, Corporate Social Responsibility Lead, IBM A/NZ After almost seven years at IBM Australia and New Zealand, you don’t need to tell me how rewarding a career in technology can be. In my role as Corporate Social Responsibility Lead, I am honoured to work closely with leading public sector, not-for-profit and educational […]

Continue reading

Four Australian teams lead the 2021 Call for Code to help combat climate change

By Alison Haire, Lead Developer Advocate, Hybrid Cloud Build Team Solving global challenges like climate change may seem never-ending, but we can draw inspiration and hope from communities that are making a difference. The open-source movement is one such community, involving hundreds of thousands of individuals and organisations around the world. Together, they have created […]

Continue reading

How to avoid data breaches while accelerating your digital transformation

Author: Chris Hockings, Chief Technology Officer (Cyber Security), IBM Australia and New Zealand  As the pandemic accelerated your need for digital transformation, you needed to act. And fast. And you were not alone. But new findings from the recent IBM-Ponemon Institute Cost of a Data Breach Report 2021 suggest that an organisation’s pace of change […]

Continue reading