Behavior analysis in cybersecurity

Lines in different colors. Shaped like a brain.

Behavioral analysis plays an important role in cybersecurity as it helps identify and prevent cyber threats by understanding human behavior. Cybersecurity experts recognize that humans can be the weakest link in online security since even advanced technical measures can be compromised due to human errors. Therefore, extensive research has been conducted to explore the psychological factors that influence users’ security behaviors.

Using technologies like UEBA (user and entity behavior analysis) makes the work much easier for cybersecurity experts. Instead of having to manually look at all the logs, UEBA uses machine learning and artificial intelligence to go through logs and detect who or what might exhibit malicious behavior or behavior that deviates from normal use and flags those.

Security log. White on black background.
Security log.

Just imagine having to look at this kind of text all day long and trying to figure out if someone is behaving suspiciously. It would most likely burn you out quickly, but thanks to UEBA we do not have to manually go through logs like these and can just trust that the computer will flag suspicious behavior. Later actual humans can manually check only flagged individuals to prevent false positives or just automate everything and ban users instantly when flagged by UEBA.

We also must remember to conduct proper training programs for people and inform them about current scams or currently popular phishing attempts and what else to look out for. For example AI generated scams/phishing attacks, where someone easily can pretend to be someone else by copying their voice using AI or even generate videos about them to scam you, are getting more popular.

Current security awareness programs usually are boring, and their long-term benefits are questionable due to people forgetting about them quickly. It would be interesting to see gamification (giving game like elements to the programs) applied to make cyber security more interactive and interesting. So instead of having to listen to someone lecture about cybersecurity or read about it and then give a few answers there could be a game that you would have to complete.

In normal use it could also be applied for giving credits for activating extra security measures like multi authentication or giving experience points to users who creates extra safe passwords and changes them after a certain time so you could “level up” your account. This might motivate some people to take better cybersecurity measures.

Behavioral analysis requires extensive data, making data collection challenging in various fields. This process often involves tracking or monitoring individuals, raising concerns about privacy and ethical implications. Despite these concerns, large companies tend to disregard them and collect as much data as possible, manipulating users to observe changes in their behavior. For instance, in 2012, Facebook conducted a study on 700,000 individuals without their knowledge, promoting content to gauge their emotional responses. “This unethical practice highlights the disregard for privacy, even if individuals consent to the company’s “terms and conditions” .

Also, security concerns regarding the data gathered about you for studies or anything else are high even if the person conducting a study is trustworthy and will not sell your data. There is always a big risk of your data leaking one way or another to people who might use your data for something nasty like targeted scams, spear phishing attempts, impersonate you for fraud or just add your leaked email to spam lists.

Overall behavioral analysis has a lot to offer when it comes to making cybersecurity stronger. However, we need to find a balance between collecting data and respecting people’s privacy.

About the writer

Niko Junttila is a communication- and information technology student at Centria University of Applied Sciences. His interests are self-improvement and coding.

Niko Junttila, Centria University of Applied Sciences.