INTRODUCTION
Cybersecurity professionals are an integral part of society as their efforts involve protecting the sensitive data of both individuals and infrastructures. More inconspicuously, however, their work is deeply rooted in the social sciences. It relies on multiple principles, such as understanding human behavior, fostering trust, and speculating and addressing the ethical implications of their and others’ actions. For example, social engineering exploits psychological vulnerabilities instead of technical or tangible flaws, displaying the necessity of integrating social science into cybersecurity practices. This paper explores the role of the Security Analyst, illustrating how their daily responsibilities correlate with the social sciences to safeguard marginalized groups, strengthen societal trust, and comprehend the complex relationship between man and machine in the efforts to protect our data.
CORRELATION TO SOCIAL SCIENCES
Security Analysts identify and mitigate threats, but to do so, they must not only be experienced with technology but also understand the facets of human behavior to prevent and combat cyberattacks. One notable example is social engineering, a technique hackers use to exploit people’s minds to access private information. It is rooted in the attacker’s ability to fool or trick the victim (psychology) rather than brute force the same victim’s accounts or data (technology). Attackers often use fear tactics or present themselves as someone of authority to manipulate individuals into giving them information, thereby bypassing any technical barriers (Xu, Golob, & Montanez, 2020). Security Analysts fight these challenges by incorporating behavioral sciences in their work. For example, they design and implement training and phishing awareness strategies that seek to educate individuals about the dangers and risks of this type of social engineering. This requires knowledge of cognitive biases and psychological triggers to be effective by reducing human error and strengthening individuals’ and organizations’ overall security awareness.
MARGINALIZED GROUPS
Furthermore, Security Analysts need to be aware of cultural and age-related biases that attackers often exploit to access accounts and financial assets. Siddiqi et al. (2022) highlights that phishing, in its various forms, is one of the most successful methods of attackers. This method incorporates psychological and social principles, such as authority bias, to coerce victims into revealing information or simply transferring funds directly. More specifically, attackers frequently target vulnerable groups, such as the elderly, who tend to lack technical literacy to prevent and recognize these scams (Carlson, 2006). For instance, in vishing attacks, a form of phishing performed over the phone, scammers impersonate government agencies or healthcare providers to exploit the trust and/or fear of this demographic, which can lead to financial hardship. To prevent these threats, Security Analysts apply social science methods, like social learning theory or ethical relativism, to create mitigation strategies geared toward this population. Research by Xu, Golob, and Montanez (2020), describes the urgency of creating educational materials for varying degrees of technical literacy. For the older generations, this may be a simplified awareness workshop or visuals to help identify red flags in emails, phone calls, and fraudulent advertising.
CONCLUSION
In conclusion, the role of the Security Analyst emphasizes the relationship between cybersecurity and social sciences. By understanding human behavior, recognizing cultural and cognitive bias, and addressing vulnerabilities both technologically and socially, these cybersecurity professionals can not only combat the technical challenges associated with the protection of individuals and society but also to protect marginalized groups and build societal trust/confidence. Thus, the integration of social science principles such as social learning, ethical relativism, and behavioral psychology allows analysts to get to the root of the issue associated with risks and vulnerabilities of protecting data, ergo, human error.