Like all things digital, cybersecurity is new and unfamiliar. When you visualize a hacker, you probably borrow from the movies, imagining a hoodie-wearing geek in a dark basement, onscreen lines of code reflected in their glasses. In reality, successful online scammers could look like high-profile social media influencers living lavish lifestyles.
The point is that the average person doesn’t readily comprehend a criminal’s methods and mindset. We think we understand the physical property and the efforts involved in securing it. Still, even though breaking and entering is a familiar form of crime, we don’t grasp its psychology.
Victims are at risk because of their behavior. Criminals behave in ways that capitalize on that. Sure, you could install your own CCTVs and motion sensors, but you’re probably unaware of your own peculiar patterns and vulnerabilities. Talk to a bespoke security company like Falcon at falcsec.com, and they’ll make an effort to understand your needs and give personalized advice.
But where do you seek similar assistance when it comes to cybersecurity?
User behavior’s central role
New cybersecurity threats keep on emerging, and in response, the technology we use to fight them also continues to improve and evolve. The typical consumer PC, for instance, probably comes packaged with self-updating security software that works as an all-in-one firewall, antivirus, anti-malware, and spyware removal tool. A couple of decades ago, you’d have to download and install separate apps for each of those functions.
But no matter how sophisticated our digital defenses get, we’re only as good as the weakest link in our system. Invariably, that weakness is the individual user. And even as we become increasingly immersed in online activities, with younger demographics having grown up as true digital natives, we remain deficient in awareness of cybersecurity best practices.
The average user may generally be aware of threats but unable to recognize suspicious patterns. They may not know what’s the safe way to respond in a potentially compromising situation. Unsafe behaviors like sharing passwords, recycling them, using generic ones, clicking on unsecured email links, or downloading unverified attachments, continue to plague the best-secured systems. They are the equivalent of installing full home security, then leaving the front door unlocked.
The psychology of attackers
Since end-user behavior is the easiest point of attack, cybercriminals also respond and adjust in predictable ways. Targeted phishing emails, for instance, are estimated to have an open rate of 70% compared to only 3% for generic ones. The personalized wording makes a difference, which is now an increasingly common form of a phishing attack.
Using behavioral science, threat experts have analyzed the different types of cyberthreats according to a matrix of technological versus psychological dependence. They found that only three areas were completely independent of human psychology, including methods such as phone phreaking, software piracy, DDoS, and network attacks.
Everything else either benefited from behavioral vulnerability or relied on it as a key factor. The former category covers identity theft, device theft, brute force password guessing, voice fabrication, and drive-by downloads. The latter category covers some of the most common attacks: viruses, ransomware, logging, deceptive calls by social engineers, email phishing, and spam.
Enter UEBA
The takeaway is that focusing solely on traditional cybersecurity will continue to ignore your weakest link, and it’s the same vulnerability that criminals continually target.
Many organizations can benefit from training their personnel and conducting periodic refreshers on cybersecurity. But these could potentially be costly, with diminishing returns. It’s human nature to become complacent. When we follow strict protocols for security and nothing wrong happens, our minds trivialize the threat, even though it’s our vigilance that keeps it at bay.
Technology can still help address behavioral issues, which is done with UEBA (User and Entity Behavior Analytics). This entails running an AI to observe your system users, as well as other entities. With sufficient information fed into the AI, it can learn and establish a baseline of normal behavior.
From this profile, the UEBA system can start detecting deviations and anomalous activities. This might be a user repeatedly trying to access a system resource their role doesn’t need, downloading files from unusual sources, unauthorized software installation, or file transfer to external media.
The information-gathering and monitoring of UEBA help protect your organization in two ways. It shores up the traditional weakness of vulnerable user behavior in real-time, forestalling zero-day attacks. And it allows you to pinpoint exactly which behaviors are raising the alarm. Even if no harm ultimately comes of it, you can use this as feedback and get employees to step up their practices. For these reasons, UEBA is set to be an essential supplement to any good cybersecurity system in a future full of unpredictable, behavior-based threats.
