Author James Bone has come out with a book titled ‘Cognitive Hack: The New Battleground in Cybersecurity’. In an interview with Forbes, Bone said that the book takes the form of two narratives, which show the rise of the hacker industry and explain why billions spent on cybersecurity fail to make us safe. Through the narratives, the author explains how simple it is for hackers to bypass defenses and how, now that the battle has shifted toward the human mind, human behavior acts as the weakest link in the cybersecurity armor. The book focuses on the importance of building cognitive defenses at the intersection of human-machine interactions, which will need a new way of thinking about security, data governance and strategy. “The purpose of Cognitive Hack is to look not only at the digital footprint left behind from cyber threats, but to go further—behind the scenes, so to speak—to understand the events leading up to the breach,” says Bone.
Asked about the potential of IoT both to increase technological efficiency and to broaden cyber vulnerabilities, Bone pointed to the recent internet outage in October, which used a million connected devices and gave a perfect example of IoT’s power and stealth, adding that hackers have been experimenting with IoT in more complex and damaging ways. Security researchers have over time been warning, with examples, of DDoS attacks that use connected smart devices.
Bone advised that IoT manufacturers must put measures in place to detect threats, disable the devices once an attack starts, and communicate the risks.
Talking about the cognitive risk framework for cybersecurity proposed in the book, Bone said it’s an “overarching risk framework that integrates technology and behavioral science to create novel approaches in internal controls design that acts as countermeasures lowering the risk of cognitive hacks.” The book points out the principles and practices of cognitive informatics security, machine learning, artificial intelligence (AI), and behavioral and cognitive science, among a few others that are still evolving.
The Cognitive Risk Framework for Cybersecurity revolves around five pillars: Intentional Controls Design; Cognitive Informatics Security; Cognitive Risk Governance; Cybersecurity Intelligence and Active Defense Strategies; and Legal “Best Efforts” considerations in Cyberspace.