Incident Response through Behavioral Science: An Industrial Approach

We can apply psychological methods and behavioral science to understand the practices, techniques, processes, and skillset cyber-criminals are using nowadays for cyberattacks. We can setup honeypots to observe the techniques and methods used for attacks through logs and security settings. However, setting up a honeypot is very expensive and time consuming. So we have to work with our running systems and need to go through the logs and security settings. This way we can build a description of mind set of the cybercriminals behind the cyberattack. This description could be used as a new vector in finding infiltration method. The specific infiltration could signify a tenacious threat or just one time incident. This vector, if applied correctly, could lead to finding threats and risks relatively easily. This vector could also reduce the time required to investigate the incident. Security incident response is centered on detection, response, and resolution of the incident. Once you know the intent behind the incident, incident response becomes much easier.