Why does cyber security need a helping hand from psychologists? How are attackers attempting to access the sensitive information of a company or organisation? Which topics are currently relevant in the IT and cyber sector?
Answers to these questions will be given by Stefan Sütterlin, Adjunct Professor at the Centre for Digital Forensics and Cyber Security at TalTech Department of Software Science.
A psychologist in the cyber world
With a background in classic psychology, Professor Stefan Sütterlin is teaching IT students the basics of human nature.
When Sütterlin got involved in the cyber field back in 2015, he did not really have any knowledge of the field yet: “At that time, I used to live in Norway and work at a university. One day, they came to my office and said I was needed in cyber security.”
He has always been interested in experimental psychology, so he immersed himself in this new and unknown world. Now, Professor Sütterlin lives in Berlin, but his work brings him to TalTech at times, where he teaches students, among other things, how to recognise suspicious e-mails and what the goal of the senders of such e-mails might be.
He is also exploring options for training people better, raising awareness of the importance of cyber hygiene, and exchanging information on cyberattacks. “People need to know that when you click on something online, there will be actual consequences in the real world. We need computer experts who understand what is going on in the world of the Internet beyond the technical aspects as well, and what the motives of different people or attacks might be,” Sütterlin explains.
A person is vulnerable
“TalTech is one of the few universities in Europe where a course on the human factor and human psychology is mandatory in the Master’s program in cyber defence,” Sütterlin points out, adding: “The people in technology are not really keen on studying these “soft” topics. It is scary for them. The human psyche is difficult to understand, measure in the language of numbers, and control with a computer mouse.”
However, understanding human nature and behaviour is really important in the cyber field: if you want to hack into the databases of a company or institution or access private information, in most cases (80% of the cases) it is the person who is “attacked” first. A person is always vulnerable, so it is easier to approach them by sending a misleading e-mail, for example. “It has always been in our nature to help and trust each other, and this has not changed over thousands of years,” says Sütterlin.
Difficult, but necessary
In Tallinn, Sütterlin has had a great experience with technology people: he has met many open-minded co-thinkers. He is even somewhat surprised by that, as one of the complex aspects of his work has been to find common ground with IT people. “The goal is that they explain things to me in a way that I can understand, and vice versa. Actually, this is a really good and important exercise for both sides.”
The more experts from different fields cooperate, the stronger cyber security becomes as a whole. According to Sütterlin, deepfake technologies will be improved further over the next few years, which will make it harder to distinguish manipulative false information from true information. It is therefore particularly important now to develop critical thinking in order to identify internet trolls and other characters aiming to do evil in the online world.