- Psychological and socio-technical Incident Analysis
1.1 Social and psychological aspects relating to cyber attacks
Cyberspace has provided a platform for communication, business, and connections between people. Socio-technical factors and human behavior are considered part of the system in security analysis (Bada and Nurse, 2020; Albladi et al. 2018). Aspects of human behavior should be considered in system security because these factors influence whether users engage in insecure social practices. Cyber attackers exploit this to hack systems, deny service (denial of service), and infect systems with spyware. Training employees on the security of the system does not guarantee that a user will identify a phishing attack. The training gap and technology faults have led BEC attackers to use front-end attacks, which are costing businesses money. According to Franklin (2020), most attackers join the system and wait for some months before initiating an attack. During this time, the attackers map the organization to understand its policy, which makes it easier for them to identify the persons to target.
Businesses need to know that employees are the last measure of protection. They stand as the organization's last chance against business email compromise attacks when all other security procedures have failed (Franklin, 2020). Factors such as deadlines, personal biases, stress, and family commitments, among others, prevent an employee from taking caution before acting on phishing or spoofing emails. As in the cases of the Belgian bank Crelan and the Austrian aerospace firm FACC AG, the accountants responded to the urgency of the email without realizing its origin (Fig. 3). Because of these factors, cybercriminals use sophisticated, skilled, and targeted attacks, bearing in mind the psychological aspects of the attack that will make an employee fall victim.