The Psychology of Cyber: Why thinking on your feet is critical to cyber crisis response
This is the first post in a series by psychologist Rebecca McKeown, a specialist focused on improving human response in pressurized situations. She is a visiting lecturer at Cranfield University and works with the Ministry of Defence helping the armed forces build more agile human assets. On the face of it, a crisis looks…
This is the first post in a series by psychologist Rebecca McKeown, a specialist focused on improving human response in pressurized situations. She is a visiting lecturer at Cranfield University and works with the Ministry of Defence helping the armed forces build more agile human assets.
On the face of it, a crisis looks like a chaotic cacophony of elements. Quite often, so does the person responding to it.
However, with some experience, patterns emerge that allow you to group the individual elements of each crisis and understand the human elements required to respond effectively.
This is best summed up with the diagram below, which outlines the four types of situations and the factors that influence decision-making:
Current thinking on decision-making in crisis situations
In any true crisis, where the time to think, gather information and consider all options is limited, current psychological theory maintains that people subconsciously revert to experience to make decisions. In other words, they’re guided by intuition: a gut feeling of knowing what the problem is and how to solve it.
In some circumstances this works. In his book Thinking, Fast and Slow, Nobel prize winning psychologist Daniel Kahneman tells the story of a team of firefighters tackling a kitchen fire, when their commander, without knowing why, shouted, "Let’s get out of here!". As soon as they left the building, the floor collapsed.
It was only afterwards that the commander said this decision was based on the fire being unusually quiet and his ears becoming hot. Subconsciously, he knew the fire was not in the kitchen – it was in the basement, which caused the floor to collapse. His intuition saved his team.
This is commonly known as Naturalistic Decision-Making (NDM), a school of thought which has influenced training on decision-making ever since it began in the 1980s. Organizations in everything from the armed forces and emergency services to the nuclear industry have adopted these techniques from a policy, strategy and practical standpoint ever since.
While NDM has some benefits, research also shows that intuition can lead to crisis responders doing something without knowing why. In new situations with complex never-before-seen variables, an intuitive and gut-feel response could therefore be incorrect.
An emerging understanding of modern crisis response
This is particularly pertinent in the cybersecurity space. A busy threat landscape, creative and unknown aggressors, and a multitude of technical variables create continually new crisis situations.
These are known as "Wicked Problems", a concept gaining traction with the Armed Forces as they strive to create agile humans capable of operating across the complex and varied operating environments afforded by the modern battlespace.
This led General Sir Nicholas Houghton (2015), UK Chief of Defence Staff at the time, to say that the uncertainty created by a diverse array of threats creates problems which are “[…] so complex that they defy process-driven, management or scientific approaches. This does not mean they are unsolvable, but the approach must be open-minded, agile, flexible and adaptable to work through the complexities”.
Progressive psychological research into the skills required to work in such environments has identified the need for a new type of agile and adaptive thinking called cognitive agility.
For a cybersecurity crisis, developing cognitive agility means developing the mental capabilities of the individual responders themselves, arming them with the skill of agile thinking rather than the ability to respond to a pre-defined set of situations.
To do this, organizations must focus on continual personal development. Only by frequently running simulations can these people become self-aware enough to understand how their thoughts, decisions and actions impact performance.
By developing this kind of cognitive agility, cyber response teams will get the best of both worlds. This means developing tried and tested skills while being self-aware enough to trust their subconscious intuitive reactions in the context of the situation in front of them.
9 November 2020
Latest Blog posts
Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs
15 September 2021
Analyzing the CVE-2021-40444 exploit
13 September 2021
Take the power back: Tool-up against a notorious global threat group with our new FIN7 series
13 September 2021
Episode 44: Rotten Apple or Privacy Nuts?
2 September 2021
Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare
10 August 2021
Kaseya supply chain attack: Prepare to respond with the Cyber Crisis Simulator
27 July 2021