Agile thinking is important in dealing with cyberattacks. Read one psychologist's tips for cybersecurity professionals on how to adapt and stop the attackers.
With a constant barrage of cyberattacks plaguing cybersecurity staffs, one expert has a new way to train teams in cognitive agility, which we discussed in a previous article, Cognitive agility can help solve some "wicked" cybersecurity challenges. Since cognitive agility is a learned behavior and a somewhat unusual one, psychologist Rebecca McKeown, in her second Immersive Labs article on the topic, The Psychology of Cyber: How to build cognitive agility with micro-drilling, offered suggestions on how cybersecurity department heads can make cognitive agility part of their training regimens.
SEE: Identity theft protection policy (TechRepublic Premium)
McKeown and others have successfully used this training methodology in other industries, increasing their confidence it will apply equally well to cybersecurity. McKeown identified the following points as being critical.
1. Run more simulations
Well-managed cybersecurity departments run simulations as part of training. McKeown emphasized that developing cognitive agility in team members will require running simulations often. She offered the following reasons:
- Skills acquisition is an iterative process requiring several steps. Initially, people develop surface level knowledge and eventually graduate to more advanced skills such as attributing reason to an attacker's actions. This, however, takes time to embed in the human psyche.
- If new skills aren't used often, they fade fast. We become less adept and our competence degrades very quickly, so frequency of training is incredibly important.
- Finally, when they start developing cognitive agility, people will begin to consciously make connections from previous experiences and apply them to crisis situations. Essentially, you help people 'pre-plan' and understand the consequences of decisions before they're made in a live environment.
"Essentially, you help people 'pre-plan' and understand the consequences of decisions before they're made in a live environment," McKeown said. "The greater the volume of crisis simulations a person goes through, the better their bank of experience is, meaning they have more to draw from and become more adaptable."
McKeown said running simulations once every two months is the absolute minimum.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
2. Run a greater variety of simulations
Trainers need to craft simulations that increase awareness of counterfactual thinking: Thoughts of events that could never happen in reality because they solely pertain to events that have occurred in the past.
By exploring alternative solutions, team members are encouraged to change the way they solve a problem, as it may be a better approach: For example, by asking for different datasets upfront or discarding irrelevant information and opinions earlier in the crisis.
SEE: Cybersecurity: Blaming users is not the answer (TechRepublic)
"Running a variety of simulations lets cyber-response teams ask a broader range of 'what if' questions to themselves and their teams," McKeown wrote. "In addition, build a mechanism into each scenario to allow people to discuss 'what if' after the event, even if it is just 15 minutes or so."
3. Analyze simulation data to spot patterns
This is a key component of running simulations. By comparing simulation outcomes over time, the affect certain decisions had on the simulation can be analyzed. This will encourage people to make decisions based on data, as opposed to intuition.
McKeown added, "Ensure crisis simulations are tracked with easily quantifiable metrics tagged to each decision so participants can understand outcomes clearly."
What is micro-drilling, and how can it help?
McKeown is well aware that department heads and team members are busy, and adding more workload will not sit well. This is where micro-drilling comes into play.
Micro-drilling in this context is methodology designed to reduce the amount of time and effort to run simulations. It prescribes a series of rapid, short, regular crisis simulations, typically delivered through a browser. McKeown said this will help develop the above three elements of cognitive agility.
SEE: Looking for cybersecurity experts? Consider hiring veterans (TechRepublic)
"Without having to collect stakeholders in a physical location, and only being run for an hour or so, micro-drilling allows for a greater cadence of training as it is less burdensome," she said. "This leads to the continual acquisition of cyber crisis-response skills."
An added benefit of employing micro-drilling is the variety of scenarios it allows. "By encouraging teams to run more variations, it develops the counterfactual thinking crucial in helping incident responders to explore alternative hypotheses—ensuring they approach the next crisis better prepared," she said.
Another benefit of micro-drilling is that it gives the ability to collect data on how decisions affected the outcome. This information allows response teams to spot patterns that will assist decision making.
Why is micro-drilling important?
McKeown believes micro-drilling is well-positioned to instill cognitive thinking and cognitive agility in crisis-response teams, which in turn will help solve cybersecurity's most "wicked" problems. With cyberattacks on the rise, having a well-trained team is always an asset.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)