Cyberpsychology Based Insider Threat Prediction Model Approach for Cybersecurity

Cybersecurity plays an important role not only in the field of information technology, but also in our everyday lives in society. Protecting information has become one of today’s biggest challenges. Every time we think about Cybersecurity, the first thing that comes to mind is cybercrime, which is becoming extremely complex and unpredictable every day. Various Governments and companies are taking numerous measures to prevent cybercrime. Beyond a variety of measures, Cybersecurity is still a huge concern for many, as most measures are solely technology-based. It is unlikely that we will succeed in solving our problems if we do not truly understand their ultimate source-the human mind.We live in an environment of violent promotion. We make the situation worse by watching, sharing, posting and glorifying violence on entertainment platforms through gadgets. Due to the virtue of technology, all sorts of entertainment are readily available. As the world turns into a global digital village, attackers are getting smarter and more unpredictable. Attackers are disguised in many ways and risk is ever present. In an organization setting, insider threats or malicious insiders cover a range of scenarios ranging from disgruntled employees to those who specifically penetrate the organization’s systems to steal or damage. Although the software industry develops security products based on artificial intelligence, cyber-attacks continue to occur worldwide. Basic cognitive capacities of humans are disrupted at a higher rate because of the wide variety of information explosion across computer systems or devices. This provides an opportunity for sociologists and psychologists to directly detect and diagnose any abnormal behavior on an individual level. The software industry can see the value of integrating psychology and Cyberpsychology to develop holistic cybersecurity products based on systems thinking. Some organizations already use certain psychological methods, like psychometric interviews based on tests, counseling sessions on psychological well-being and so on.This paper focuses on demonstrating a fundamental prediction model based on ordinal logistic regression technique for creating an awareness and the importance a holistic cybersecurity product and services based on Cyberpsychology. Integrating cyberpsychology into an AI-based cybersecurity product will provide a powerful combination and effectively prevent malicious internal attacks.


Introduction
The insider threat has been identified as a key threat to organizations and governments. Understanding the nature of internal or malicious threats and associated threats can assist in developing mitigation strategies, including non-technical means. It is natural that humans will always interact with any device at some level and human behavior thus becomes a part of the whole network eco system. A human actor is always the initiator of any attack upon a system. It is therefore imperative to understand how people interact and communicate with the technologies at hand and what individual behaviors may introduce vulnerabilities. When we apply the same logic in the context of an employee and employer scenario, it helps us to better understand the insider threat mechanism and the factors that make susceptible to malicious influence. In this paper, Insider threat prediction model is proposed based on Cyberpsychology philosophy. An insider attack is the execution of a latent threat by an insider to achieve their goals, which usually has a detrimental effect on the organization. They are often straightforward to perpetrate without detection using their legitimate access, or acquiring unauthorized access using their knowledge of system weaknesses to defeat the controls. The proposed methodology in this paper describes the ideal independent variables the management has to capture and measure in a real time basis in order to devise suitable prediction models in a cost-effective manner using the statistical quantitative analytical computing methods of machine learning.
Insider threats to institutions, enterprises, and government agencies continue to be a major problem. The veracity and frequency of this threat in firms today are well demonstrated by current studies. [1,2]. According to a 2020 global report [3], the average global cost of insider threats rose by 31% in the last two years to $11.45 million, and the occurrence of incidents spiked by 47% in that period. Through the assessment and analysis of incidents, the challenge of insider threat (IT) can be better understood and addressed. Insider threat incidents have increased to significant levels [4]. The most important conclusion is that credential theft poses the most expensive insider danger per event. Both the incidence and expense of these catastrophes have greatly grown. In fact, since 2016, the average number of occurrences per organization has climbed from 1 to 3.2, and the average cost has gone up from USD $493,093 to USD $871,686 in 2019. Organizations are spending more annually to cope with insider negligence, but the cost per occurrence is significantly lower [5]. This is because insiders often have good knowledge of the environmental set-up, and ready access to the assets owned by their employers. Such individuals often have the trust of their organization, which enables them to gain authorized access and bypass electronic and physical security controls [6]. Nonetheless, more than 75% of these incidents are typically handled internally without being reported to law enforcement agencies, and often no legal action is taken [7].

2.
Scope Despite tremendous effort in recent years, insider threat mitigation has generally made only modest progress [8]. People who are not employed by the organization's security team may be able to identify malicious insider threat actions. This is demonstrated in [9,10], which demonstrates that just one in five instances of such activities are discovered using a mix of automated methods for logging, monitoring, and reporting suspicious activity in addition to manual diagnosis and analysis. Many of the Cyberpsychology books and articles reveals an astounding fact that many of the Cybersecurity service providers in the world predominantly see the security issues with the lens of technology and they are very keen on strengthening their defense mechanism through hefty investment on advanced technologies. This kind of approach does not yield a complete sustainable benefit and especially it cannot transform their services into proactive from a reactive based mechanism. Furthermore, this kind of merely technology centric products and corresponding business process hinders meeting the corporate ESG(Environmental, social and governance) ratings.

3.
Literature Review In recent years, the literature on insider threat detection has garnered much attention. Past studies have focused on insider threat profile [11,12], and abnormal detection approaches [13,14]. However, to the best of our knowledge, there is no study on insider threat prediction model creation based on cyberpsychology. Furthermore, most of the Cybersecurity service providers are gradually realizing the power of employing a Cyberpsychology practitioner or expert roles that can effectively and holistically manage the insider threats. In the banking and financial industry, actual insider attack cases that were discovered through public reporting were reviewed by Randazzo et al. [12]. They used a behavioral and technical viewpoint to analyze the situations. The report also describes the communication patterns and behaviors' leading up to the damaging activities. They presented insights that can help with future study and policy development.
According to research conducted by Lieberman Software Corporation at Microsoft Ignite 2015, 35% of IT professionals believe insider threats pose a greater risk than external cyber-attacks, which supports the growing worry about the risks of insider assaults [15]. Whether an insider acts maliciously or unintentionally, the insider threat is real, serious, and challenging to counter. For this reason, dangers exist. An author Cole noted that "unknown" and "no value placed" losses were highest in a SANS 2017 Insider Threat Survey [16], indicating that most organizations lack adequate monitoring and reporting methods to assess the true cost of insider assaults. The readers may feel that few of these citations are quite old however; the fact is that, whether these citations are old or new, the impact is significant and the risk is still relevant today. In spite of the damage to their reputation and the potential for fines, more than 40% of respondents indicated that they were worried about bad press, indicating that organizations at least recognize the issue and the need to report breaches [17].
A review of the literature and posts on Cybersecurity attacks shows that increasingly they involve social engineering techniques; where psychological principles are used to manipulate people into disclosing sensitive information or allowing others to access a secure system [18]. For example, to get people to click on a link, phishing emails and phone calls use a variety of psychological techniques related to social influence, such as appeals to fear or creating a sense of urgency or scarcity [19]. However, despite the psychological nature of such Cybersecurity attacks, research into the role of psychology in Cybersecurity is still limited. Also, often research into the closely linked area of social engineering is conducted from the discipline of computing rather than psychology. However, within the last year the importance of psychology has begun to be recognized in the academic literature [20]. In contrast, large scale Cybersecurity incidents are often instigated by groups, as opposed to individuals acting alone. As such these incidents can be regarded as the result of group actions and group processes; theories from Psychology are used to help understand the formation, operation and influence of groups on their members and these can be usefully applied to online groups.
Psychology can offer much in helping to understand the motivations of individual hackers or scammers, for example drawing on the research into individual differences, looking at factors such as self-esteem, introversion, openness to experience and social anxiety [21]. Other work has shown that individual's motivations are not always related to financial gain but can be purely for entertainment or social status reasons. Numerous hacking cases, particularly those committed by adolescents and young adults, have been closely linked to peer pressure and other social psychological factors. Numerous online behaviorshave been explained by psychological theories of disinhibiting and individuation, which can also be utilized to comprehend Cybersecurity problems.

4.
Proposed method for Predictive Model creation Proposed method of predictive model creation involves identifying the ideal independent variables. Many organizations are still having silo-based data and tools. These highly disintegrated tools are prone for the insider attacks. A theoretical synthetic data that contains 120 records are used for predictive model creation and leveraged the Ordinal logistic regression technique for building a predictive model. The findings revealed that there is an impact of employees' information on insider threat risk. In this study, increasing the Habit of Alcohol habits and less performance appraisal rating, interested in movies like Science fiction and Crime/Thriller/Horror movies and Political News Interest was associated with an increased in the likelihood of exhibiting Insider Threat Risk. The study lays a foundation for understanding behavioral traits when employing staff members, as well as for being able to continuously observe staff behavior to prevent potential dissatisfaction or other worrying behavior. A great deal of research has been devoted to the exploration and categorization of threats posed from malicious attacks from current employees who are disgruntled with the organization, or are motivated by financial gain. These so-called "insider threats" pose a growing menace to information security, but given the right mechanisms, they have the potential to be detected and caught. In contrast, human factors related to aspects of poor planning, lack of attention to detail, and ignorance is linked to the rise of the accidental or unintentional insider. In this instance there is no malicious intent and no prior planning for their "attack," but their actions can be equally as damaging and disruptive to the organization. This paper presents an approach for creating a predict. Formal definitions of 'Cybersecurity' typically revolve around systems, standards, technologies and processes for protecting computer systems, networks and the data they contain from unauthorized access or malicious attacks. Such a definition may imply that Cybersecurity is somewhat of a dry, technically focused enterprise, mainly of concern to computer network professionals or system engineers and industry professionals. That is a far away from the truth: Cybersecurity and security breaches have profound implications for all of us Humans will always interact with any device at some level, and human behavior thus becomes a part of the system. For example, what factors might make some individuals or organizations more susceptible to malicious influence. How do psychological phenomena and information technologies intervene, strengthen or facilitate such processes of influence? What can be done to protect individuals, groups and systems from such attacks? These questions are clearly in the domain of psychology and the behavioral sciences. Without considering them, no approach to Cybersecurity can ever be successful.
In the literature, a number of insider models have been put out. One of them employs numerous, but challenging to quantify, signs, such as language and psychological characteristics, to be able to anticipate insider assaults. Markov's Hidden Inferring divergence between a user's activity patterns and a set of existing activity models has also been done using models. Psychological traits of an insider, including depression and introversion, have also been recognized and addressed. Best practices have also been suggested for the detection and prevention of the insider threat. In this study, the Ordinal logistic regression model was used to predict the internal threat risk in the organization. There are fifteen independent variables and one dependent variable as insider threat risk likert scale variable has five values 1 to 5, for the low risk to high risk of an attribute. Having more independent variable can lead to over-adjustment, Hence, it is important to consider only the minimum necessary variables based on -Employee wellbeing individual counseling sessions‖ using various methods of Cyberpsychology, Neuro linguistic program techniques or ethnographic a placebo technique

5.
Output Summary In this section, the results of the quantitative dataare presented. The data was first entered into an excel file and exported into an analytical tool. The sample size for the study is n=120. The analysis carried out was percentage analysis to find out the demographical information of respondents. Descriptive statistics are used to summarize the data.Variables are expressed as the mean. Chi-Square test is performed to find the association between two categorical variables. Technique used in the data analysis method known as Ordinal logistic regression to determine the associations between two data factors. The value of one of those parameters is then predicted depending on the other using this relationship. Typically, the forecast has a limited number of possible outcomes, such as low risk to high risk. The individual information of the personnel is shown in Table 2. Out of 120 respondents, 70% were men, The majority of responders (23.3%) among the participants were post-graduates, and 63.3% of them were single and unmarried. The official information about the staff is shown in Table 3. The majority of respondents (27.5%) were into Band EB3, and the majority of respondents (32.9%) had experience ranging from 6 to 10 years but less than 1 year. The majority of participants (49.2%) received excellent feedback from their manager, and 60.8% of participants received excellent feedback from their clients. It was also discovered that 42.5% of them received an award or honor. The staff behavior is shown in Table 4. It shows 44.2% of respondents did smoking regularly, followed by 39.2% of respondents who reported that they did not smoke, and 16.7% of respondents who reported occasional smoking. The majority of respondents among the participants53.3% said they did regularly consume alcohol, followed by 28.3% who said they did not and 18.3% who said they did so occasionally.  Table 5 shows the frequency of insider threat risk. Majority 30.8% chances of very high risk of insider threat risk and 19.2% were did not insider threat risk. The relationship between insider threat risk and respondents' Job role professional information is seen in Table 6. Due to the fact that the p values for the manager feedback (p<0.01), and customer feedback (p<0.01) and honor/award (p<0.01) are all less than the 0.01 significant threshold. Therefore, there is a connection between the respondents' official information and the danger of insider threat. According to the above table, there is a risk of insider threat as a result of poor manager and customer feedback. The risk here could be even attrition risk as well. The relationship between the respondents' habits and their chance of insider threat is shown in Table  7.Because the p-values for drinking habits are both below than the 0.05 level of significance. As a result, Volume 5, Issue 4, July-August 2023 9 there is a connection between respondents' changing habits and the risk of an insider threat. According to the above data, individuals who often drink alcohol are at risk for experiencing an insider threat.  The relationship between insider threat risk and movie interest is shown in Table 8. There are five interesting movie types. Family Type, Cartoon, Comedy movies, Science fiction and Crime/Thriller/Horror movies. Because the p-values for science fiction films (p<0.01) and crime/thriller/horror films (p<0.01) are less than the 0.05 level of significance. As a result, there is a correlation between the risk of an insider threat and habitual viewers of science fiction and Crime/Thriller/Horror. According to the above indicator, individuals who are interested in science fiction and crime/thriller/horror films are at risk for insider threats.The risk could be in terms of having sleeplessness, adrenaline rush, lack of control, negative health and social effects, feelings of guilt, neglect of duties. When it comes to insider threats, many people think of someone who will actively damage the systems. However, this is not always the case. The unpredictable behavior of employees at work may cause an unwelcome disturbance in business due to underlying psychological factors. The relationship between insider threat risk and political news interest is shown in Table 9. The majority of the 27 respondents were found to be interested in political news. Since the Political News Interest (p<0.01) p value is less than the 0.01 level of significance. Hence, there is a link between the risk of insider threats and political news interest. interest in political news increases the risk of insider threats. For instance, A simple conversation at work may turn into a debate and a conflict.       Table 14 reveals the impact of movies and political interested on Insider Threat Risk. The Wald test ("Wald" column) is used to determine statistical significance for each of the independent variables. The statistical significance of the test is found in the "Sig." column. From these results we can see that Science fiction movies interested (p<0.01), Crime/Thriller/Horror (p<0.01) and Political News Interest (p<0.05) added significantly to the model/prediction, but Family type, Cartoons and Comedy movies interested did not add significantly to the model. The model explained 72% (Nagelkerke R 2 ) of the variance in Insider Threat Risk and correctly classified 62.7% of cases. However, increasing the interested in movies like Science fiction and Crime/Thriller/Horror movies and Political News Interest was associated with an increased in the likelihood of exhibiting Insider Threat Risk.  Table 15 depicts the test when the result of the test of parallel lines, indicates non-significance, then we interpret it to mean that the assumption is correct. Statisticalsignificant is taken as an indicator that the assumption is not correct. In the results from our analysis, we interpret that the results to mean the assumption is correct (as p=.090).      Table 19 depicts the classification table for movies and political interested and Insider Threat Risk. Overall, the accuracy rate was very good at 66.7%. The model exhibits good sensitivity since among those employees who will have a habit of alcohol and less Performance appraisal rating, 91.9% were correctly predicted to habits of alcohol and less performance appraisal rating.   Table 21 commonly referred to as the test of parallel lines because the null hypothesis states that the slope coefficients in the model are the same across response categories (and lines of the same slope are parallel). If we were to reject the null hypothesis based on the significance of the Chi-Square statistic, we would conclude that ordered logit coefficients are not equal across the levels of the outcome, and we would fit a less restrictive model (i.e., multinomial logit model). If we fail to reject the null hypothesis, we conclude that the assumption holds. For our model, the proportional odds assumption appears to have held because the significance of our Chi-Square statistic is .854 > .05.

6.
Proposed Solution approach based on the statistical inference: Countering internal threats or malicious insiders can be accomplished by embracing Cyberpsychology best practices through subject matter experts and Cybersecurity practitioners. Cyberpsychology is the study of how new computing technologies-in particular, the Internet-affect how people feel, act, and think both online and offline. When applied to organizational psychology, it can assist businesses in effectively resolving the issue at hand. The most popular and simple to use strategy is the prediction model mentioned above. This document focuses on a technique for gathering the necessary data in a methodical manner from many sources, particularly employee personal information. In light of this, the following strategy has been developed. 1)Each company contains data on its personnel, including information on their age, experience, tenure, location, marital status, performance evaluations, peer and client comments, management feedback, and more.Cyberpsychology practitioners can collaborate with the HR Wellness Counseling Team or employees (through some cutting-edge initiatives) through employee engagement activities and frequently plan individual counseling activities throughout the year. Through these initiatives, they can have the employee's permission to use their personal information for recommending the best potential solutions for them, and the information will remain secure within the company's virtual private networks.
2) With the best interest of the employee's wellbeing in mind, Cyberpsychology practitioners can achieve voluntary submission of personal information such as habits, hobbies, SWOT (strength, weakness, opportunity, threat) self-assessments, medical reports, background verification report, personality traits reports, etc.
3)An insider risk prediction model can be created using the gathered data and the many professional parameters indicated in point number one above. 4)The employee may receive the individual reports in the form of psychometric test results. Of course, some businesses may already be utilizing these tactics, but they may still see a chance to expand them in order to detect hostile insiders as part of the development of a cybersecurity culture. 5)Self-control and healthy habits are the greatest ways to promote harmony and maintain the culture of safety and security so that the expense of cybersecurity services may be invested for greater business purposes.

Conclusion
In conclusion, when it comes to insider threats, many people think of someone who will actively damage the systems. However, this is not always the case. The unpredictable behavior of employees at work may cause an unwelcome disturbance in business due to underlying psychological factors. Insider threat continues to be a significant problem for all types of organizations. This study looked into insider threats and how important it is for businesses to deal with them in order to reduce risk. Insiders have emerged as a significant security concern for all businesses, as insiders can range from low-level workers to high-ranking individuals who have access to and knowledge of sensitive organizational data. In this study, majority of insider threat happened for less or low performance feedback from management, habits of alcohol, Science fiction and Crime/Thriller/Horror movies and Political News Interest was associated with an increased in the likelihood of exhibiting Insider Threat Risk. This does not necessarily be the same case for all organizations. For example, a top performer employee may also feel grumpy when the promotions do not happen timely and can become a potential malicious insider. Authors strongly believe that emotional intelligence, psychometric test-based training recommendations, Cyberpsychology oriented tools and products embedded into the tools that the employee use it on dayto-day basis as part of their business as usual can create a risk-free environment from the malicious insider threat prevention perspective. It is imperative for employee to enroll for a mindfulness session, as was already noted, various insider threats that target various organizational subsystems, such as device level, data level, corporate and business level, must be handled. Future research will concentrate on how human, organizational, and technological elements change through time in order to minimize adversarial responses and produce predictions that are more accurate. On the basis of the forecast result, a decision support system may also be created to offer recommendations for mitigating future dangers. Finally, this strategy can be made simpler by focusing only on one sort of insider threat prediction in order to make those predictions more accurate, even if the organizations would still be exposed to other insider threat categories. Cybersecurity product development organizations and service providers can transform their products and services into holistic by integrating the Cyberpsychology techniques and methods. This can happen when the organizations realize that Cybersecurity is not just a technical problem but a social problem and the solution lies in consistently understanding the mindset of people involved across the board.The solution approach proposed in this paper can be accomplished by some predictive analytics software tools however, the emphasis should be on the method of capturing the independent variables in a positive way for creating a positive culture of cybersecurity and resiliency through innovative methods of employee engagement.

8.
Conflict of Interest This document does not represent the opinions, products, or information of the author's company or business associates. If there are any parallels, it is simply coincidental, and the authors are not responsible for it.

9.
Author's Biography Jitendranath Palemholds a Master's Degree in Computer Applications from NIT (National Institute of Technology) Warangal, India. He has vast experience in Information Technology in the Quality, Statistical Process controland DataAnalytics domains. He is a certifiedLean Six sigma Blackbelt, IBM certified Artificial Intelligence (A.I)skills academy faculty SME, Advisory Data Scientist, Cognitive and Design Thinking practitioner, Microsoft certified Azure AI Fundamental professional. He has been named as an IBM inventor on a regular patent application filed with the U.S. Patent & Trademark Office in the IT services domain.He is a Certified Cyberpsychology practitioner and he has studied a diploma course in Psychology, Advanced diploma in Cyber Laws, Cognitive Behavior therapy. In addition, he is an accredited Professional Life Coach, Certified Mental Health Counselor, and Practitioner.
Sivaprakash Palaniswamy holds a Master's Degree in Computer Applications from BharathiarUniversity, Coimbatore, India. He brings his 30+ years of professional experience from various industrial sectors including banking, textiles and information technology. He has expertise in information technology services across multiple disciplines, especially in Life Sciences/Healthcare, Banking & Finance and Retail. His IT experience includes leading large-scale migration and transformation programs and also leading large service delivery teams, spread across technical domains such as cybersecurity/GRC, application management/development and infrastructure management. He holds technical certifications such as CISSP, CCSP, ITIL V3 Expert and CobiT 4.1.