Introduction to Cyber-psychology

By Dr. Varin Khera

Cloudsec Asia
Apr 28, 2022

This article was originally published in hakin9 magazine volume 15 no 12 https://hakin9.org/product/azure-and-malware-sandboxes

As the world continues to digitalize, human dependence on technology will increase. According to Statista, 4.66 billion people were active internet users as of October 2020; this number represents 59 percent of the global population[1]. The huge shift to digitalization has left a significant impact on how people work and interact in today's internet age.

Cyberpsychology is a relatively new, emerging field in the psychology discipline. It is the study of individuals, societies, digital technologies, and the psychological aspects of their interactions. Cyberpsychology assesses how people use technology to interact in cyberspace and how these interactions affect their lives in the real (or offline) world.

Most research studies on cyberpsychology have focused on the effect of the internet, especially the advent of social media, on the psychology of individuals and groups. However, the cyberpsychology domain includes all digital interactions that affect human psychology, such as virtual reality, augmented reality, artificial intelligence, online gaming, and mobile computing.

How Psychology Relates to Cybersecurity

From a cybersecurity perspective, many people may think that IT has nothing to do with psychology. In reality, they are closely related. For instance, exploiting people psychologically to gain sensitive information (e.g., account credentials) remains the primary vehicle used by cybercriminals to gain unauthorized access to IT systems.

In any organization, the weakest link in the cybersecurity chain is still the human factor. Even after deploying the best security solutions such as firewalls, intrusion detection systems, anti-virus, and multi-factor authentication, organizations remain incapable of preventing their employees from becoming victims of social engineering attacks. Indeed, many studies found that human errors are still the cause of many data breaches[2].

There are three areas in cybersecurity on which cyberpsychology can have an impact:

  • Social engineering attacks
  • Digital privacy
  • Cyberbullying

Social Engineering

Social engineering is a type of cyberattack that uses psychological tricks, over the phone or through a computing device, to convince someone to reveal confidential information about themselves or about the organization they work for.

There are different types of social engineering attacks; the most popular forms are phishing and spear-phishing attacks. In phishing, the adversary pretends to be a trusted entity (e.g., bank, social media service, ISP) and tries to convince the user to open an email or instant message; it then asks the user to click on a link or download an attachment containing malware. If the user clicks the malicious link, they will be taken to a malicious website housing an exploit kit that scans their device for vulnerable services or an unpatched operating system. If one is found, it silently installs malware (such as ransomware or information-stealing malware) on the device. Phishing emails are commonly sent in campaigns. For instance, the attacker sends a large number of email messages to a large number of users, hoping that a few of them will click on the malicious link or disclose sensitive information (e.g., account credentials, credit card details).

Spear phishing is a kind of phishing attack; however, it is a customized attack that targets a specific individual. The adversary customizes the message for each victim: it first collects information about the target from public sources (commonly social media sites) and then crafts the email message or conducts a phone/social media conversation accordingly. Spear phishing is more dangerous than common phishing and commonly has a higher success rate.

What makes social engineering attacks successful is their reliance on psychological manipulation to gain the victim's trust so that they hand over sensitive information.

Digital Privacy

Privacy continues to be a primary concern for internet users. Nevertheless, this concern has failed to translate into practice: it has not led internet users to adopt privacy-protective behavior. Experts try to employ cyberpsychology research methods to find answers to different questions concerning online privacy:

1. Why do internet users tend to reveal large amounts of personal data online despite their privacy concerns?

2. How does the age of internet users affect their privacy behavior online? For example, teenagers reveal personal information more than older people.

3. To what extent do internet users protect their online privacy, and what methods and tools do they use to do so in practice (e.g., installing an ad blocker, deleting cookies, browsing the internet using the web browser's Private Mode)?

Cyberbullying

Cyberbullying is a form of harassment conducted using online methods. Cyberbullying was prevalent among teenagers; however, it has become a significant concern for different age groups these days.

Cyberbullying can severely impact its victims emotionally and behaviorally, and can even lead some victims to suicide. Cyberpsychology is concerned with studying this type of online behavior.

Using Psychology To Enhance Cybersecurity

Psychologists are now using their understanding of people's behavior in cyberspace to develop cultural and behavioral measures that enhance cybersecurity defense for both individuals and organizations, in the following ways:

1. Understanding how people perceive online risks and what motivates them to become more security conscious. For example, psychologists can identify social situations (e.g., informal conversations such as talking on social media or a casual conversation outside work) in which people tend to reveal sensitive information.

2. Using psychology, patterns of criminal and other related malicious online activities can be identified and later used by security providers to enhance security solutions, so that cyberattacks are stopped before they develop and become a threat.

3. Psychologists can raise public awareness about cybersecurity risks and consequently encourage people to become more privacy-aware, using targeted campaigns through social media networks and other traditional media channels such as TV and newspapers.

Summary

Cyberpsychology has become a significant field in psychology, and its role in preventing cyberattacks is becoming a hot topic when discussing cyber defense strategies. Experts from the SANS Institute[3] suggest employing forensic psychology to profile the criminal(s) behind a cyberattack by studying the process, techniques, skills, and actions used by cybercriminals during the attack.

Since computing devices and the internet have an impressive impact on our lives, both at home and at work, utilizing cyberpsychology to understand how emerging technologies affect people's lives has become a significant field in today's information age.

References:

[1] https://www.statista.com/statistics/617136/digital-population-worldwide

[2] https://www.helpnetsecurity.com/2019/06/17/human-error-data-breach

[3] https://www.sans.org/reading-room/whitepapers/incident/paper/36077
