Cybersecurity is a vast and ever-expanding field of technology. The more technology becomes an increasing commodity within our lives, the more technological challenges will arise, and the more challenges that arrive, the more will there be a need for cybersecurity experts to mitigate or overcome these challenges. There are many careers that one can go into in this field alone, a career that can fit with anyone’s personal preference. This paper will explore one career that encapsulates the social science and technological elements of cybersecurity, cyber threat intelligence.
Cyber Threat Intelligence (CTI) is the process of collecting, analyzing, and applying data about cyber threats and vulnerabilities. To estimate attack potential and risk levels and further select effective controls and mitigation actions to protect infrastructures, assets, and digital ecosystems (Kioskli and Polemi). CTI experts work within an organization, ranging from a security firm to government offices. Their role works in tandem with the social sciences, with their capabilities of recognizing and analyzing the imperative element behind cyber threats, human behaviors.
To elaborate, the role of a CTI expert is to examine a cyberhacker’s psychology. As described by Daniel Schlette, there are various levels. Low-level incidents involve observing malicious files. However, higher-level threat information provides insights into more complex Indicators of Compromise (IoC), vulnerabilities, and attacker behavior (Schlette). Then, for the third level, it deals with countermeasures for the incident and attribution of attacks (Schlette).
Entire frameworks are designed to support the understanding of attacker behavior. As cyberthreats continue to increase, there is a greater need for organizations to focus on the hacker’s goals. Factors that we have learned in class such as the individual’s motivation, principles of science, and human error. These factors are applied to the role of a CTI expert to have better organizational planning, analysis, situation awareness, and prediction of future events related to cybersecurity (Ainslie et al., 2023).
The 2014 Sony hack, tied to the film The Interview, exemplifies the importance of CTI experts in real-world scenarios. Social science principles, including geopolitical analysis and behavioral pattern recognition, helped identify the attackers as connected to North Korea. The timing of the attack, coinciding with the film’s release, indicated that the hackers aimed to send a message rather than seek financial gain. This case illustrates the synergy of data and social science in providing both technical evidence and context.
In conclusion, CTI experts highlight that cybersecurity is fundamentally about understanding people, not just technology. By blending social science with technical analysis, they can better uncover motives and behavioral patterns behind cyberattacks, leading to improved prevention strategies. Implementing new frameworks, practices, and systems will always be there, but the one element that is the heart of cybersecurity will always be the human factor. Cybersecurity would not be a practical and critical part of technology without this factor.
References
Kioskli, Kitty & Polemi, Despina. (2021). Psychosocial Approach to Cyber Threat Intelligence. International Journal of Chaotic Computing. 7. 159-165. 10.20533/ijcc.2046.3359.2020.0021.
Schlette, Daniel. (2021). Cyber Threat Intelligence. 10.1007/978-3-642-27739-9_1716-1.
Ainslie, S., Thompson, D., Maynard, S., & Ahmad, A. (2023). Cyber-threat Intelligence for Security Decision-making: A review and research agenda for practice. Computers & Security, 132, 103352. https://doi.org/10.1016/j.cose.2023.103352
The hacking of Sony Pictures: A Columbia University case … (n.d.). https://www.sipa.columbia.edu/sites/default/files/2022-11/Sony%20-%20Written%20Case.pdf