The value of psychology and cognitive science in Cybersecurity

Share this post:

Author: Fiona Byrnes, AP Managed Security Services Delivery Executive, IBM Security

Fiona Byrnes, AP Managed Security Services Delivery ExecutiveWho is today’s cybercriminal? What new data can be commoditised or code weaponised for disruption? These are common security intelligence questions asked in our client conversations.

While these questions are about the preventative tools, testing, analytics, and security methodology, they also have underlining psychology. As a behavioural science graduate, I believe both cybersecurity and psychology are complementary. While the former deals with the mathematical aspect of when, where and how; the latter deals with the logical aspect of why and what.

Logical methods for blocking and mitigating attacks

The cross-over of these two disciplines helps to enhance our understanding of cyber threats and what’s in it for the cybercriminal. By using tabletop exercises, drills and use case libraries and AI, we alleviate some of the effort and stress for analysts. This also frees our analysts up to think laterally, using prefrontal cortex, to focus on logical methods for blocking and mitigating attacks.

The psychology of the cyber adversary also helps us reduce the payload and notoriety for them. By avoiding ‘cool’ references for malware or attack methods (i.e. renaming all malware to a generic reference – malware2020-1), we stem operant behaviour. Active threat hunting using the MITRE ATT&CK framework allows us to apply known methodologies, correlate quickly, and take the fun out of disruption, particularly for unsophisticated hackers.

A stepping-stone to cybersecurity

I recently addressed a group of STEM students at a University and was fascinated to see many young girls drawn towards Psychology. The Professors at the University were equally excited about how the concept of left vs right brain and the value of Counter-Terrorism and Criminology can be used as a stepping-stone to entering into a Cybersecurity career. It’s important that young minds are opened to these concepts because their learning can be leveraged across many fields in security.

My future lectures and working with students will continue to introduce this subject and present to them an opportunity to foresee an exciting career in cybersecurity.

More Security stories

Why IBM is upskilling 30 million people for the digital era

Author: Katrina Troughton, Managing Director IBM A/NZ According to the World Economic Forum, the inability of employers to find enough skilled workers could cost the global economy US$11.5 trillion in forgone GDP growth by 2028. A high 87 percent of executives also report suffering from the issue.  Here in Australia, the Australian Computing Society and Deloitte have […]

Continue reading

How to attract and retain top tech talent with modern data tools

Author: Eric Wong, Customer Success Lead, IBM Australia and New Zealand  It wasn’t all smooth sailing for our client. A 2021 RMIT Online study by Deloitte Access Economics confirms what many of us know from experience – that data science is one of Australia’s most in-demand skill areas. What’s more, the employers surveyed by Deloitte […]

Continue reading

Why natural language search is the way forward

By Jessica Vella, Associate Data Scientist – Advanced Analytics and Paul Sherlock, Associate Partner, Offering Lead – Cognitive Care A/NZ Every week, hundreds of young couples take their first step on an exciting, scary, nerve-wracking journey – one of the most important of their lives. They decide to buy a house. If you’ve been on […]

Continue reading