Intersections of cybersecurity analysts to social science 

Bach-Nien Doan 

Date: 11/23/2024 

Introduction 

Protecting the security and integrity of data and data systems is the duty of cybersecurity analysts in Security Operations Centers (SOCs). They accomplish this with numerous techniques, including data encryption, network monitoring, and network firewalls. Analysts are responsible for using these technologies to evaluate the legitimacy of incoming threats to their data systems and to thwart them before they can cause data loss, outages, or other infrastructure damage. Multimedia data, which arrives in several modalities, contains clues about possible threats. This data is typically gathered from a variety of security sources, including firewall logs and IDS alerts. To make sense of it and identify suspicious network activity, analysts must use data triage, correlation, and more sophisticated reasoning (Thomas et al., 2018).

Principles of social science as it relates to the cybersecurity analyst role 

Cybersecurity analysts, like social scientists, rely on data-driven methodologies, so the principle of empiricism applies to their work. To learn how security breaches happen, analysts might, for instance, examine logs, attack patterns, and user activity data. This is in line with the empirical idea of developing insights from data gathered in practice. Cybersecurity analysts gather empirical data to identify weaknesses and stop attacks, just as social scientists do to understand human behavior.

Objectivity is essential in cybersecurity as well as in social science. A cybersecurity analyst must evaluate security risks objectively, free from prejudice or conjecture. This could entail methodically examining the causes of cyberattacks, gauging the efficacy of defenses, or studying a system’s security posture. When investigating incidents, responding to threats, or making security recommendations, cybersecurity professionals must exercise impartiality, much as social scientists try to avoid personal bias in their research.

The idea of relativity is relevant to cybersecurity when examining how threats and defense tactics differ based on contextual, organizational, or cultural factors. An attack vector that is successful in one area or against one sector of the economy (such as phishing attempts directed at financial experts) might not be as successful in another setting. Just as social scientists take various cultural and societal norms into consideration, a cybersecurity analyst must understand the “relative” nature of risks and adapt methods to the context of different enterprises, industries, and locations.

Concepts applied to the cybersecurity analyst role 

The term “cyber victimization” describes the experience of being singled out, taken advantage of, or harmed by cybercrimes or other malicious online actions. Applying the concept of cyber victimization to cybersecurity analysts highlights significant facets of their work, such as how they might fall victim to cyberattacks themselves, how such incidents affect their work, and the consequences for their professional conduct and decision-making. Analysts are frequently vulnerable to spear-phishing or sophisticated phishing attempts. These attacks are more individualized and designed to take advantage of the analysts' expertise, credibility, or duties at work. For instance, an attacker might pose as a manager or coworker to fool an analyst into downloading dangerous files or divulging login information.

Applying cybersecurity economics to the role of a cybersecurity analyst helps organizations understand the cost-effectiveness of various security measures, the resource allocation required for cybersecurity tasks, and the trade-offs analysts make when prioritizing actions. Cybersecurity analysts are essential for identifying threats, reducing risks, and making sure their companies are safe. A significant part of their work is performing cost-benefit evaluations to decide which risks to prioritize and how best to deploy resources. One example is weighing the cost of investigating a suspicious alert against the possible harm from a breach. Before investigating an alert, an analyst must determine whether it is likely to reveal a significant attack or whether it is a low-probability occurrence that does not warrant the use of resources.

Social engineering attacks pose a serious risk because they allow fraudsters to deceive people in order to gain unauthorized access. To prevent breaches, data theft, or system penetration, cybersecurity analysts need to be aware of the psychological and social strategies that attackers employ to take advantage of human nature. Analysts must be able to recognize common social engineering techniques, including phishing, pretexting, baiting, and tailgating. By understanding the social dynamics underlying these attacks (such as the exploitation of urgency, fear, or trust), analysts can create more effective defenses and detection systems.

Financial gain, political goals (hacktivism), personal grievances, and the excitement of exploiting flaws are some of the motivations of cybercriminals. Understanding these motives and behaviors is essential for identifying and reducing cyberthreats, and cyber criminology helps analysts do so. Knowing what motivates cybercriminals (such as monetary gain, ideology, or retaliation) can help cybersecurity experts predict the kinds of attacks they may encounter. For instance, a DDoS attack may be politically motivated or a form of protest, whereas a ransomware attack is usually motivated by money.

Marginalization challenges for cybersecurity analysts 

To identify and mitigate threats, cybersecurity analysts use a range of tools and technologies, including behavioral analysis, machine learning algorithms, and risk assessment models. However, many of these tools are built on datasets that may reflect societal bias. Discriminatory practices may result from training an algorithm on biased data, such as data that overrepresents the behaviors of some groups or underrepresents others. A cybersecurity analyst may rely on an AI-based fraud detection system that is biased against certain socioeconomic or ethnic groups and, as a result, designate members of marginalized populations as higher-risk even when they are not engaged in hostile conduct. These people may become even more marginalized because of needless scrutiny or service denials.

Cybersecurity experts are frequently entrusted with safeguarding networks, people, and organizations against cyberattacks, yet hate crimes, cyberbullying, and online harassment are more likely to target underrepresented groups. Although cybersecurity experts need to be on the lookout for these dangers, they might not always be aware of the unique difficulties marginalized people encounter online. A cybersecurity expert employed by a social media company, for example, may be unaware of the systemic mistreatment that LGBTQ+ or disabled users endure. This might leave these people without enough protection, which would enable online abuse to continue. An analyst who is insensitive to the larger social and cultural context may overlook important indicators or neglect to put the proper precautions in place.

A cybersecurity analyst who hasn’t worked with underrepresented groups may not be completely aware of the dangers they confront online. A transgender person, for instance, may be more vulnerable to identity theft or online abuse because of their digital footprint, but a cybersecurity analyst who is unaware of these threats may ignore or undervalue them. This lack of awareness may lead to flaws in response plans or security policies that leave the most vulnerable populations insufficiently protected. One-size-fits-all security tool design may assume that all users are at the same risk, which is rarely the case in underserved regions.

Cybersecurity analyst and society 

A cybersecurity analyst is essential to maintaining the security, privacy, and safety of digital networks, and this work affects society as a whole. Beyond merely defending companies against cyberattacks, it promotes trust in digital networks, facilitates safe communication, and helps preserve the integrity of global infrastructure. As people depend more and more on digital platforms for everything from socializing to banking, cybersecurity specialists strive to prevent sensitive personal data from being stolen or misused. This helps to protect privacy and stop identity theft, which is becoming a bigger problem in the digital era. Hacking, fraud, and cyberbullying are examples of cybercrime that affects people, companies, and governments. Cybersecurity analysts contribute to public safety and lessen public anxiety about using technology by detecting weaknesses, keeping an eye out for dangers, and responding to crises.

Conclusion 

Cybersecurity analysts play a vital role in protecting information technology infrastructure across numerous sectors. As people become more involved with internet-connected devices, cybersecurity professionals such as analysts are in high demand to secure valuable information that is stored online. Additionally, various concepts from social science are consistently used in the role of the cybersecurity analyst. Most threats continue to target humans, and security professionals must adapt quickly to protect people from the threat of social engineering. In addition, cybersecurity analysts may themselves experience cyber victimization if precautions and safeguards aren’t used. Marginalization is a current issue for security roles like the cybersecurity analyst. Data used to determine whether groups of people are a threat may be biased and may result in severe scrutiny of marginalized groups. Furthermore, this career is related to social science principles such as objectivity, relativity, and empiricism.
