Cognitive Biases in Cyber Threat Intelligence
Cognitive biases are mental shortcuts we take to save time and effort. They’re not inherently bad, but some biases involve logical fallacies, jumping to unwarranted conclusions, and subjectivity, which can negatively affect analysis.
A cyber threat intelligence analyst must be aware of conscious and unconscious biases, and take steps to reduce any negative effects.
Cognitive Biases Affecting CTI Analysts
These are some of the cognitive biases that cyber threat intel analysts need to watch for:
- Expectations bias: seeing what you expect to see
- Resistance bias: perceptions resist change, even in the face of new evidence
- Ambiguity effect: not accurately perceiving info that was initially ambiguous, even after receiving clearer info
- Availability bias: overvaluing info that is the most available or that you have the most experience with
- Anchoring bias: overvaluing the first piece of info you encounter, and using it as the standard for judging subsequent info
- Overconfidence bias: being overconfident about probability
- Consistency bias: being more confident about conclusions drawn from a small set of consistent data than ones from a larger set of less consistent data
- Missing information bias: difficulty judging the impact of missing info
- Discredited evidence bias: perceptions resist change, even when they’re proven wrong
- Rationality bias: seeing events as part of an orderly, causal pattern, and overlooking randomness, accident, and error
- Correspondence bias (aka fundamental attribution error): attributing others’ behavior to personality rather than the situation
- Confirmation bias: looking for or focusing on info that supports your preexisting conclusions
- Bandwagon effect: going along with the crowd; relying on consensus
- Mirroring (mirror-image bias): assuming that the target being analyzed thinks like the analyst
- Clientelism: presenting info in a way favorable to the “client” (party sponsoring the analysis), in exchange for that support
- Linear thinking: a straight-line, sequential thinking style that can overlook non-obvious or unrelated info
- Self-serving bias: taking more responsibility for successes than for failures
- Belief bias: evaluating arguments based on the plausibility of their conclusions and your own beliefs rather than on how strongly the arguments support the conclusions
- Hindsight bias: thinking that past events were more predictable than they actually were
- Anecdotal fallacy: relying on anecdotal evidence (personal testimony) rather than statistical evidence
- Appeal to probability: thinking that because something is possible, it’s probable, or because something is probable, it’s certain
Combating Cognitive Biases in CTI
To fight the negative effects of cognitive biases, increase your self-awareness: be aware of your conscious and unconscious biases. Before you start analyzing a problem, go through the list of biases above and ask yourself how each affects your thinking.
Reduce the effect of biases by practicing critical thinking and using structured analytic techniques.