The value of psychology and cognitive science in Cybersecurity

Share this post:

Author: Fiona Byrnes, AP Managed Security Services Delivery Executive, IBM Security

Fiona Byrnes, AP Managed Security Services Delivery ExecutiveWho is today’s cybercriminal? What new data can be commoditised or code weaponised for disruption? These are common security intelligence questions asked in our client conversations.

While these questions are about the preventative tools, testing, analytics, and security methodology, they also have underlining psychology. As a behavioural science graduate, I believe both cybersecurity and psychology are complementary. While the former deals with the mathematical aspect of when, where and how; the latter deals with the logical aspect of why and what.

Logical methods for blocking and mitigating attacks

The cross-over of these two disciplines helps to enhance our understanding of cyber threats and what’s in it for the cybercriminal. By using tabletop exercises, drills and use case libraries and AI, we alleviate some of the effort and stress for analysts. This also frees our analysts up to think laterally, using prefrontal cortex, to focus on logical methods for blocking and mitigating attacks.

The psychology of the cyber adversary also helps us reduce the payload and notoriety for them. By avoiding ‘cool’ references for malware or attack methods (i.e. renaming all malware to a generic reference – malware2020-1), we stem operant behaviour. Active threat hunting using the MITRE ATT&CK framework allows us to apply known methodologies, correlate quickly, and take the fun out of disruption, particularly for unsophisticated hackers.

A stepping-stone to cybersecurity

I recently addressed a group of STEM students at a University and was fascinated to see many young girls drawn towards Psychology. The Professors at the University were equally excited about how the concept of left vs right brain and the value of Counter-Terrorism and Criminology can be used as a stepping-stone to entering into a Cybersecurity career. It’s important that young minds are opened to these concepts because their learning can be leveraged across many fields in security.

My future lectures and working with students will continue to introduce this subject and present to them an opportunity to foresee an exciting career in cybersecurity.

More Security stories

Collaborative Threat Defence with IBM and Cisco

Author: Ali Daher, IBM Security Leader A/NZ When it comes to threat defence, it’s a cluttered market out there! There are multiple security vendors and a multitude of tools to solve different security requirements. Common feedback we hear from customers is, wouldn’t it be great to: Reduce product and vendor complexity Streamline workflows between security […]

Continue reading

Cybersecurity: How to stay safe online during COVID-19

The big shift to remote working has meant huge changes in how we do our jobs, including risks we didn’t need to worry about before. COVID-19 isn’t the only pandemic we’re suffering right now. Our digital lives are under unprecedented attack and the very thing that is meant to keep us safe from the actual […]

Continue reading