Introduction to Psychology in The Corporate And Cyber Security

in #psychology7 years ago

Introduction

Hello friends,
Today I would like to discuss the application of psychology in the corporate and cyber security. This activity is what mostly I am involved into professionally and this certain post would be a brief introduction, which in the articles to follow would be discussed in further details.

Today’s technological development opens a new ground and opportunities for criminal activities. Nowadays investigators must become more innovative and well-trained. While being technologically educated is an advantage in cyber security, we must never forget that behind every machine, the user is a person. A person who shares, on a fundamental level, the same personality traits and psychological features like any other human does.

Adaptation is in the core of our nature. We build our surroundings in a way we find suitable for us and in accordance to our preferences and lifestyle. Thus everyone is building certain type of habits (in work or everyday environment), uses certain type of phrases or behavior models. In other words – every single person builds their own customized comfort zone in order do function successfully as individual.

All of this does not differ in any kind when we speak about ‘our digital world’. Every user leaves a trail (sometimes subconsciously) on their device or platform. With all the technological advancement, the digital devices, social platforms, blogs, chats etc have become a substantial database full with all sort of trails, which lead to pools of personal information. Information which if analysed properly by the investigator, could be used as evidence if the suspect has committed certain crime – selling personal information, financial scams, hacking, selling drugs or guns etc.
In order to be successful in the investigation, the expert should be familiar with the psychological aspect of certain behavioural patterns and motivation, as well as being technologically proficient. Only then he would be able to recognize the clues left by the perpetrator.

Overall we could recognize three elements which could be considered as psychological cues in crimes:

• The method of operation
• Rituals or signs
• The unique signature of the perpetrator

When we don’t have a certain person suspected of a crime, the best approach is to analyse the clues we have and create a profile of the perpetrator.

Digital profiling

It’s important to understand that a psychological profile is only done, when we do not have a suspect and we want to outline the psychological characteristics of the perpetrator and then use it to find the perpetrator.

The first step of the digital profiling is to analyse and identify the goal of the perpetrator.
Understanding the motivation and choosing the proper tools (like digital profiling itself) is crucial for this step and the ones following it.

The second step is to select the relevant information and assess the collected data (if any is presented). This step is crucial when forming certain hypothesis for the deed and the person behind it.

In the third step a comparison in the data is done and a digital profile is created.

Finally the digital profile is compared to the initial goal and motivation behind the crime.

Once we have our suspect or group of suspects, there is no other better scientific method to establish their involvement in the crime, than the polygraph.

Polygraph

Now, I’ve done a few articles about how the polygraph works and what does it measure, so I suggest you read them too. I will not discuss any details about it in this post.
The practical use of the polygraph method in organizations could be seen as a tool to establish certain person’s involvement in a crime, as well as a preventive technique when hiring.
The main function of the polygraph as a preventive technique is lowering the risk of disloyal behavior, which often is the main cause for an employee to commit certain crime. The polygraph is really effective in order to establish financial, material or informational losses in certain company.

While this method is first established and used by the police in criminal investigations, today many major companies use it when hiring people, especially if the position requires specific qualities and certain conditions from the employee.
Speaking of specific qualities, another very useful psychological method which could be used as a preventive technique but also as a tool which increases the chance of success for the person at a certain position, as well as of more profit to the company is the psychological assessment.

Psychological Assessment

The psychological assessment is a combination of scientific techniques ( clinical and/or personality tests), psychological interview and analysis. When it’s used for pre-employment purposes it’s aim is to help the company to make the right choice of person for the opened position. The psychological assessment is a two-way win-win process: it provides the unique opportunity to hire the most capable people, while at the same time significantly reduce the chances of hiring incapable employees.

The combination of psychological assessment and the polygraph method could provide a 360 degree view of a certain person, tested on specific topics. When it’s used as a method in the investigation the psychological assessment could give the expert valuable information of the psychological traits and behavioural patterns, which sometimes is the key to the conclusion if that person is capable of committing certain crime or not.

Psychological Trainings

Another useful aspect of psychology application in cyber and corporate security is the specific psychological training. We live in a time where everybody wants to be an expert and coach, teacher and lecturer when it comes to psychology and behaviour analysis. While there is a lot of bs on the market, the true benefits of such training, conducted by real expert (or a group of experts), should not be underestimated. Today more and more companies are actually hiring experts in order to train their managers and directors to be able to recognize deceptive and disloyal cues in the behaviour of their employees. Like the polygraph method and psychological assessment, being trained in recognizing these clues, could be regarded as a preventive, as well as proactive action. The benefits of the trainings are that in a short time many people could be trained. Depending on the company’s needs and specifications, customized trainings could be conducted in order to achieve higher goals.

Conclusion

It’s needless to say that in a combination, all of the mentioned techniques increase the chance, if not even guarantee the stability and success of a certain company in it’s corporate and cyber security sector. What is most important to understand is that these methods provide the chance ‘to take care’ of the ‘human aspect’ in the company’s activity and security. By understanding that it becomes common sense to act in a preventive manner rather than researching how to fix a problem when it has already happened.

Hopefully this short introduction was an interesting read to you. If it was – please upvote and re-steem it. If you have thoughts on this topic, please discuss them with me in the comment section !

Sources:

  1. Digital Scene of Crimes: technique of profiling users

  2. Fundamentals of Polygraph Practice

Images: Pixabay

Sort:  

The psychological implications of being subjected to a polygraph test when applying for a job might not worth the test in the first place. Any act or measure that seems abusive and intrusive by the candidate might backfire and affect the selection process. For example I am a very honest person, I can't lie even if I want to, but I would be profoundly affected by a polygraph test during the selection process. And I could turn the job down without much thinking. It instills distrust. Perhaps that positions such as CFO or CEO or higher management positions would be better suited for a polygraph test.
This being added, we all know that the polygraph is not a very reliable method of uncovering the truth and should not be used as a conclusive method - I have now looked at your account description and I realized you probably know all this :D

Corrections: "in it’s corporate" - its.
I liked your article. Well written, easy to digest even though I am after a whole day of work. I majored in IT security so many of the concepts I got from there. Cheers!

I know that in some countries the polygraph method is not accepted in the pre-employment area.
However in my company we examine hundreds of job candidates on a monthly basis.
Trust me, the polygraph does work when it is used by trained professional. The role of the examiner plays an enormous part in the procedure. I have explained it in my previous articles.
Thank you for your comment, it is much appreciated.

well done @dsyfunctional, though, I do not totally agree with the polygraph test, just like psychologist Leonard Saxe (Ph.D.) argued

The idea that we can detect a person's veracity by monitoring psychophysiological changes is more myth than reality.

Thank you!
For better or worse, the objective truth does not follow mine or your beliefs. Not even Saxe's in that manner.
The polygraph is an instrument, which if used correctly works like a charm. Sadly, as any other instrument, it's effectiveness depends on the expert behind it.

in opportunities we can make a psychological profile when we already know who it is and we have an organization behind the terrorists or in my country, there is a group that attacks the government website called anonimus. Regarding the polygraph test any certified psychologist would take away the credibility, and I as a therapist join me.

I am sorry, but I couldn't understand the point of your thought / comment...