Cognitive cybersecurity, the discipline best able to protect organizations from hackers.

In February 2021, the state announced a billion-euro plan against cyber threats in response to an increase in cyberattacks affecting French organizations. Despite increasing cybersecurity budgets, 52% of SMBs were the victims of at least one cyberattack in 2021.

While technological attacks can be countered with security solutions, social engineering attacks are much more difficult to prevent, and their increase is worrying. Employees are skillfully manipulated by hackers and are the reason cyberattacks succeed in more than 90% of cases.

And yet, despite this reality, most organizations rely only on technology and push the human factor, the main weakness of organizations, into the background. To have a chance of stopping the exponential growth of cyberattacks, a paradigm shift must occur so that cybersecurity is finally approached from a neuroscience perspective.

Hackers mainly use three cognitive factors

Social engineering cyberattacks are computer attacks that exploit psychological and human flaws and weaknesses to convince a person (the victim) to act as the attacker intends, within a scenario that is both malicious and effective. These attacks exploit weaknesses in human interactions and in behavioral and cultural constructs.

They come in many forms such as “phishing”, “CEO scam”, or “stooges” on social media. Three factors have been identified that affect the vulnerability of employees: stress, reduced vigilance and excessive workload.

These factors produce an “attention tunneling” effect in the employee: attention is focused visually on some of the elements shown on the screen, and the employee is less attentive to other elements that could alert him, for example the spelling. These attacks are often personalized according to the employee’s interests and digital history.

Identify each employee’s cognitive biases for effective learning

Little research has been done on the cognitive approach to “cyber malice”. However, such research would accelerate our understanding of the neurological and psychological mechanisms that cause us to fall into the trap of cyberattacks. A whole field is opening up for the study of cognitive distortions associated with the analysis and evaluation of people’s profiles and their personal qualities.

Once these profiles (“psychotypes”) are identified, employee information and training can be individualized to be more effective. This training exploits each individual’s neurocognitive deficiencies and takes the form of highly personalized email attack simulations, often built using personal data available on the Internet. Once trapped, the employee will be much more receptive to learning. He can then receive concise, contextual training that goes over the elements of the attack and explains, in particular, the “psychological” reasons why he was unable to prevent it.

In 1974, Kahneman and Tversky’s research in psychology and economics laid the foundation for behavioral economics. In 2004, research by neuroscientists McClure and Read Montague revolutionized traditional marketing by opening up neuromarketing, which subsequently gave way to neurocommunications, neuroadvertising, neurofinance, etc.

In 2022, we are witnessing a major paradigm shift in the field of cybersecurity, resulting in the emergence of a new discipline: cognitive cybersecurity. Just like in the fields of economics, marketing and finance, neuroscience is today the discipline best able to develop the cybersecurity sector in order to better protect employees and make organizations less vulnerable and more resilient.
