Cyber security specialists depend on social science research and principles to aid them in their work. Cyber Security Specialists need to be creative problem solvers, tackling both new and old cybersecurity challenges across a variety of technologies. A successful Cyber Security Specialist must know how to troubleshoot problems, implement ongoing network monitoring, and provide real-time security solutions to their team. They must also be able to make decisions in high-stress situations and communicate effectively with other team members. Cyber Security Specialists ensure that a company’s systems are safe from attack. They create and implement security audits across computer hardware, software programs or both – making sure the information being processed on these devices still performs as it should despite any vulnerabilities they may find in order to protect against data breaches. While they have a heavily technical dependence, vulnerabilities are not limited to software alone. People are often considered to be the weakest link in any system of security. Having an in depth knowledge of social science and specifically social engineering is extremely important in making sure the human weakness are addressed. Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources. One type of social engineering is called Pretexting. Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task. The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have authority. The Pretexter asks questions that are ostensibly required to confirm the victim’s identity, through which they gather important personal data. All sorts of pertinent information and records is gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant. An example of this is in the beginning of the movie Hackers(1995), in which the main character performs this exact method to hack into a tv station. Another type of social engineering is Phishing. Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. It then prods them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware. An example is an email sent to users of an online service that alerts them of a policy violation requiring immediate action on their part, such as a required password change. It includes a link to an illegitimate website, prompting the unsuspecting user to enter their current credentials and new password. Upon form submittal the information is sent to the attacker.
Citations:
C, (2022, January 7). Cyber Security Specialist job description. Recruiting Resources: How to Recruit and Hire Better. https://resources.workable.com/cyber-security-specialist-job-description
Social Science: What It Is and the 5 Major Branches. (2022, September 25). Investopedia. https://www.investopedia.com/terms/s/social-science.asp
Rosencrance, L., & Bacon, M. (2021, June 3). social engineering. Security. https://www.techtarget.com/searchsecurity/definition/social-engineering