How Human Behavior Affects Cybersecurity

When you think of cybersecurity, you probably think about technology. Technical and data-driven solutions are foundations of cybersecurity, but the human element cannot be overlooked.

Not only is human behavior one of the biggest risks to a secure network, but understanding typical behavior is vital to identifying anomalies and preventing cyberattacks. While understanding the technical ins and outs of network security is important to a successful career, expertise in behavioral analysis is increasingly in demand and is becoming part of cybersecurity education programs.

In this article, we explore some of the human aspects of cybersecurity.

Understanding Human Behavior

A key concept in behavioral analysis for cybersecurity is understanding both how individuals create risk for organizations and how to mitigate that risk. This begins with recognizing that hackers will always seek the easiest possible path into a network, which is often through employees and other individuals.

In research conducted by Micro Trend, 91% of targeted cyberattacks involved spear-phishing emails, or emails that are personalized to the recipient. Compared to generic phishing emails sent to many recipients – which only had an open rate of about 3% – targeted spear-phishing messages had an open rate of 70%.

Emails aren’t the only risk. In an era of BYOD, shadow IT and ineffective security training, IT departments face an uphill battle when it comes to reducing risk. Even if a network is secure, a single mistake by a well-meaning employee can expose it to a breach.

Therefore, it’s important for cybersecurity professionals to study human behavior and find ways to educate and train people to avoid these mistakes. This means making training accessible and relevant – and implementing security controls that are both effective and easy to use – without disrupting workflow.

Threat Detection and Defining "Normal"

One of the biggest issues in cybersecurity is identifying what constitutes a threat. A traditional approach may involve detection and alerts, followed by system lockdowns. This blunt-force approach to security can result in false positives and may miss legitimate threats.

On the other hand, a behavior-based approach to cybersecurity may involve monitoring a network and developing a baseline of what’s considered “normal” behavior, which will, in turn, make it easier to identify anything that’s abnormal.

By using this approach – which may involve machine learning and specialized algorithms – IT departments can gain a better understanding of what’s happening on their networks on a regular basis. Ultimately, defining what’s typical makes strange behaviors and anomalies easier to detect and decreases the likelihood of false positives.

In an article about behavioral analysis in cybersecurity, Security Roundtable outlined several types of anomalies that can be identified through this analysis:

  • Applications.
  • Devices.
  • Geography.
  • Networks.
  • Schedules.

By establishing a baseline of typical behavior, it’s possible to trigger security measures when behavior extends beyond a defined range. For instance, if your business is based in New York and your team normally works from 8 a.m. to 5 p.m., a login attempt from an IP address in Los Angeles at 3 a.m. may be a criminal attempting to access the network.

This scenario may also simply be a worker on vacation trying to finish a project while their family sleeps. To account for this possibility, the response may be to ask for additional authentication rather than an immediate lockout. If a user cannot provide the additional credentials, then the system will lock them out, but an authorized user will be able to access the system without any further issues.
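
The baseline-then-step-up flow described above, as an added example that is not part of the original article. The login records, field names and one-hour slack are constructed assumptions, and the city is assumed to be resolved from the source IP by an upstream lookup.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    hour: int    # hour of day in the office's time zone (0-23)
    city: str    # assumed to be resolved from the source IP upstream
    device: str

# Constructed history: a New York employee working roughly 8 a.m. to 5 p.m.
HISTORY = [Login("alice", h, "New York", "laptop-01") for h in (8, 9, 9, 10, 13, 16, 17)]

def build_baseline(history, slack_hours=1):
    """Per user: observed working-hour range (plus slack), known cities and devices."""
    raw = defaultdict(lambda: {"hours": [], "cities": set(), "devices": set()})
    for ev in history:
        raw[ev.user]["hours"].append(ev.hour)
        raw[ev.user]["cities"].add(ev.city)
        raw[ev.user]["devices"].add(ev.device)
    return {u: {"start": max(0, min(r["hours"]) - slack_hours),
                "end": min(23, max(r["hours"]) + slack_hours),
                "cities": r["cities"], "devices": r["devices"]}
            for u, r in raw.items()}

def anomalies(baseline, ev):
    """Name each dimension in which this login falls outside the user's baseline."""
    b = baseline.get(ev.user)
    if b is None:
        return ["no-baseline"]
    found = []
    if not b["start"] <= ev.hour <= b["end"]:
        found.append("schedule")
    if ev.city not in b["cities"]:
        found.append("geography")
    if ev.device not in b["devices"]:
        found.append("device")
    return found

def decide(baseline, ev, second_factor_ok=None):
    """Allow in-baseline logins; otherwise step up, locking out only if step-up fails."""
    found = anomalies(baseline, ev)
    if not found:
        return "allow", found
    if second_factor_ok is None:
        return "step_up", found   # challenge not answered yet
    return ("allow" if second_factor_ok else "lockout"), found

BASELINE = build_baseline(HISTORY)
print(decide(BASELINE, Login("alice", 3, "Los Angeles", "laptop-01")))
```

Returning the list of anomalous dimensions alongside the decision lets the alert say why a login was challenged, which is what keeps a vacationing employee from being treated the same as an intruder.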


Behavioral analysis may be among the most in-demand skills for cybersecurity professionals in the future. As companies look for new solutions, the need for educated and experienced professionals who understand the human aspects of cybersecurity will only increase.

At Columbia Southern University, we offer online degree programs in information technology, information systems, cybersecurity and more. For more information, visit our website.
