When we think of Cyber Security, we think of tech, hackers, data, phishing, cyber attacks, and much more. But there is another dimension to this problem that is becoming increasingly apparent: the mental and emotional aspect. According to research conducted by Sekuro, an Australian cyber security services company, over 90% of professionals working in this space have experienced mental health challenges in the last 2 years.
Covid-19 and the subsequent global lockdowns saw a massive increase in ransomware, and the near-continuous stress of cyber-attacks has created unrelenting pressure on those working in Cyber Security. We are approaching a point where ‘burnout’ levels in cyber security might actually exceed those among frontline healthcare workers.
But why is Cyber Security so intricately linked to Mental Health and why has the corporate world not fully woken up to this reality?
1. Cyber Security in 2022 is more about Human Behavior and Less about Technology
Cyber-attacks can be traced back to the 1960s and 70s when privacy and data were the principal targets. However, with the advancement of computer technology, cyber-attacks have also seen a proportionate advance. Modern Blockchain and AI-related threats have impacts that are both technological and psychological.
A study of the best cyber security applications worldwide reveals that most current threats are a product of sophisticated Social Engineering.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks happen in one or more steps.
A perpetrator first investigates the intended victim to gather necessary background information, such as potential points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
2. What makes Social Engineering so dangerous?
Social engineering attacks are so dangerous because they rely on human error rather than vulnerabilities in the OS or software. This makes them very difficult to stop: even with top-notch cyber security, mistakes made by legitimate users are less predictable than malware-based intrusions.
Organizations/groups/individuals perpetrating such attacks often possess exhaustive knowledge of human psychology and human behavior and are particularly quick to target any potential weaknesses and vulnerabilities. In fact, it is estimated that over 90% of successful breaches worldwide start with a phishing email.
3. What do we need to know about Cyber Attacks and Human Psychology?
All 5 of the most common forms of digital social engineering attacks are heavily influenced by human behavior.
A. Baiting: Enticing ads that lead to malicious sites or encourage users to download malware-infected applications.
B. Scareware: Potential victims are bombarded with fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself.
C. Pretexting: The attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim so as to perform a critical task. The process involves slowly building trust and can often go on for a long time.
D. Phishing: One of the most popular social engineering attack types. Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity, or fear in victims. This then prods them into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
E. Spear Phishing: A more elaborate and specific form of phishing, targeted at specific enterprises or individuals. The messages are “tailored” to the needs and characteristics of the potential victim, and the process can take weeks or even months.
4. Social Engineering and Mental Health
Researchers from the University of Greenwich have proven that under “normal circumstances”, an individual (even one not very well versed in cyber security) has a 70% chance of detecting a potential social engineering attack. However, even mild depression, stress, fatigue or anxiety can greatly lower this percentage. For instance, even mild levels of stress can impact ‘neural correlates’, which in turn impact memory, causing an otherwise “careful” individual to have lapses in memory, click on unverified links or forget to check email origins.
5. Unique Mental/Emotional Challenges faced by those involved in Cyber Security:
Those actively involved in Cyber Security face certain unique challenges when compared to almost any other area of work. These include:
- Extremely high-stress environment
- Perpetually changing landscape (There is never a status quo)
- A constant need to update to the latest changes
- Always on alert and surrounded by “high-risk” information at all times
- Need to make decisions with limited (often unproven) information
- Constant pressure with respect to limited time, resources, and team dynamics
- Extremely high expectations as “first responders”
- Failure is inevitably associated with “feelings of extreme guilt”
- Very high costs/consequences of failure
- Very low levels of gratitude
- 24/7/365 expected commitment – zero “downtime”
- Very high risk of “burnout”
- Constant combat against “hackers” and “social engineers” leads to developing extreme cynicism towards humanity.
- Emotional Detachment
Why then do we continue to overlook the obvious connection between mental health and cyber security?
While today, a life without computers seems almost unimaginable, we must remember that this is a technological revolution that has taken place during our times. What this means is that for all of our efforts in maintaining cyber security, our physiologies are not designed to work in such an environment.
We also place too much faith in “purely technological solutions” or “zero trust” systems, while discounting the human element associated with these threats.
A good example of this was the recent pandemic, when Covid-induced lockdowns, uncertainty, anxiety and fatigue highlighted the link between mental well-being and cyber security like never before. The peak pandemic period saw a 300% increase in cyber-attacks worldwide.
The consequence of this was what we have come to expect: resignations rise with ransomware. As the link between the two becomes more and more unambiguous, it is time for the corporate world to wake up to this threat that comes hand-in-hand with cyber attacks.
To learn more about Cyber Security Services, reach out to us at Triway and submit your query. Our team of highly skilled experts will help you with your security needs.