Cognitive cyber security, the system most capable of protecting organizations from hackers

In February 2021, France announced a €1 billion cyber threat plan to respond to the increase in the number of cyber attacks affecting French organizations. Despite increased budgets for cybersecurity, 52% of small and medium-sized businesses were the victims of at least one cyber attack in 2021.

While attacks of a technological nature can be countered with protection solutions, social engineering attacks are difficult to prevent, and the increase in such attacks is worrisome. Employees are skillfully manipulated by hackers, and they are the reason cyber attacks succeed in more than 90% of cases.

Despite this reality, most organizations rely only on technology and push the human factor, the main weakness of organizations, into the background. To have a chance of reversing the exponential curve of cyberattacks, a paradigm shift in the approach to cybersecurity must finally occur, this time from a neuroscience angle.

Three cognitive factors that are mainly exploited by hackers

Social engineering cyberattacks are computer attacks that exploit psychological and human flaws by trying to persuade an individual (the victim) to act as the attacker intends, following a malicious yet effective scenario. These attacks exploit vulnerabilities in human interactions and in behavioral and cultural structures.

They take many forms, such as ‘phishing’, ‘CEO scam’ or ‘sock puppets’ on social networks. Three factors have been identified that influence employee vulnerability: stress, reduced alertness and excessive workload.

These factors lead to the “attention tunnel” effect: attention is visually focused on some of the items displayed on the screen, and the employee pays less attention to other items that could alert them, such as spelling. These attacks are often customized according to the employee’s interests and digital history.

Identify the cognitive biases of each employee to train them effectively

Little research has been done on the cognitive approach to “cyber malice”. However, such research will make it possible to accelerate the understanding of the neuropsychological mechanisms that make us fall into the trap of cyber attacks. It opens up a whole field for the study of the cognitive biases involved, by analyzing and evaluating individuals’ characteristics and personality traits.

Once these profiles (“psychological patterns”) are identified, employee awareness and training can be customized to be more effective. This customization, which exploits each individual’s neurocognitive flaws, will take the form of highly personalized simulations of email attacks, often generated using personal data found on the Internet. Once caught in the trap, the employee will be more receptive to learning. He will be able to follow an intense and contextual training that addresses the elements of the attack and specifically explains to him the “psychological” reasons why he was not able to thwart it.

In 1974, research in psychology and economics by Kahneman & Tversky led to the birth of behavioral economics. In 2004, studies by neuroscientists McClure and Read Montague revolutionized traditional marketing by discovering neuromarketing, which later branched into neurocommunication, neuroadvertising, neurofinance, etc.

In 2022, we are witnessing a major paradigm shift in the field of cybersecurity, from which a new discipline is emerging: cognitive cybersecurity. Just as in the fields of economics, marketing and finance, neuroscience is today the scientific discipline most capable of developing the cybersecurity sector to better protect employees and make organizations less vulnerable and more resilient.

