There has been exponential growth in cyberattacks since the onset of the COVID-19 pandemic.
- FBI investigators have observed a 300% increase in cybercrime events
- The first half of 2020 logged more than 445 million cyber attacks
- In March of 2020 alone, COVID-19-themed spear phishing emails skyrocketed 667%
Creating a vicious cycle, the fear users are experiencing and their urgency to find information due to the pandemic is a cause largely attributed to the increase of the breaches.
This means that cybercriminals are very well-versed in understanding the behavioral psychology of the population and how to use that knowledge to build ransomware and malware. In order to intercept these crimes, researchers and investigators are attempting to understand the psychology of the cybercriminals. As business leaders build strategies to protect their enterprises and employees from cybersecurity threats, they need to start thinking about using insight into cybercriminal psychology to direct the strategies.
A behavior-based cyber security measure will dissect the source of the cybercrimes – the hackers themselves. By doing this, businesses will gain a better judgement of how the cybercriminals will attack.
Researchers have been building cybercriminal profiles to understand motivations. The research reveals offender psychology with a model profile that takes into account multiple biological factors (physical characteristics, trauma, medical history), external environment (relationships, professional work, childhood upbringing), intelligence (analytical skills, strict mind), personality (social anxiety, agreeableness), social abilities, technical abilities, and internet addiction. Investigators have found some common motivations: financial motivation or quick profit, political motivations, cyber warfare, need to prove power, or selfishness. Some researchers have even identified five personality factors that are most likely to participate in cybersecurity behaviors: extroversion, agreeableness, conscientiousness, neuroticism, and openness. The study found a linear correlation between these personalities and self-disclosed cybersecurity behaviors.
Another very important aspect of cybercrimes is the fact that most attacks happen through insider threats. Disgruntled employees, someone with a financial need, or someone making a statement against the company's actions/policies usually have an inside, and remote, access to the company's assets. In these situations, it is more effective to understand the workplace culture, employee psychology and their needs to be a part of the cybersecurity planning. Hackers in this category also have a thorough understanding of their colleagues and their behavior, therefore they know the best method of attack to make the users fall prey to the viruses.
It is highly beneficial to have the latest cybersecurity software and measures in place to protect against data breaches and cyber attacks. Unfortunately, hackers are updating and adapting to these cybercrime prevention tactics as well. However, when cybercriminals' personalities and motivations are dissected and analyzed, cybersecurity agents can also be as adaptive as the hackers.