**5. Discussion**

In this study, a literature review for the period 2019 to 2021 was carried out. Textmining was used to determine the most addressed topics in chosen papers in the area of cybersecurity. This exploratory analysis focused on the most relevant used words in the content. The words we found included security, attack, detection, networks, machine learning, and power. This result made us deduce that cybersecurity research has been related to detecting cyberattacks on electricity grids through machine learning in recent years. Another finding in our literature review was that the mainstream research has been dedicated to implementing proactive cybersecurity. Cognitive science is being applied for this purpose. We actually found relevant contributions in which machine learning and deep learning-based solutions were proposed. Figure 13 shows the percentage of works that use machine learning and deep learning, respectively, from the papers included in the literature review that we carried out.

**Figure 13.** Deep Learning vs. Machine Learning.

The period 2019 to 2021 was atypical in the way some activities were carried out worldwide due to it being in the context of a pandemic driven by COVID-19. In this context,

the reasoning in some sectors has to consider the greater use of technological resources, such as tele-education, tele-health, government, and private electronic services. From the perspective of the digital transformation of organizations and cities, the pandemic was an essential accelerator in the adoption of technologies in specific sectors. It made organizations and people more dependent on technological resources. However, this context generated the need to address essential aspects of cybersecurity. For example, children increased their availability of internet connections, increasing their exposure to online risks [105]. Organizations based their logistics and supply chain processes on internet-based technologies, expanding the attack surface [106]. The inclusion of IoT for data collection and process automation increases the need to acquire an end-to-end secure IoT environment [107]. The use of social engineering attacks based on the human need to obtain information about the pandemic increased their probability of accessing fake news or being a victim of social engineering attacks [108].

During the same period, 2019–2021, even within the context of the pandemic, there was no reduction in attacks on organizations' information systems or the impact on people through social engineering attacks. The literature review carried out for the perid 2019–2021 showed that the financial, energy, and healthcare services were the most attacked, and the fastest-growing attacks were DDoS, Ransomware, Mobile malware, and Phishing. This context highlighted the need for organizations to strengthen their cybersecurity strategies concerning:


While from a user perspective, it highlighted the need to generate more awareness concerning:


Faced with this continuous growth of cybersecurity attacks and the need to improve security strategies to protect people and organizations, the literature review carried out shows that research has promoted the use of learning techniques as a resource to strengthen their security strategies, specifically to automate activities such as behavior pattern, attack pattern, anomaly detection, and anomaly identification. The most-used learning techniques in the cybersecurity domain correspond to Decision Tree, k-nearest neighbors, Random Forest, Naive Bayes, Recurrent Neural Networks (RNNs), generative adversarial networks, deep learning, deep reinforcement learning, and deep transfer learning, and you can see a growing interest in what corresponds to deep learning. Although game theory is not new in its application to cybersecurity, it has had significant growth in recent years, especially in improving decision-making processes related to cybersecurity in the financial, energy, and critical infrastructure sectors.

This finding encourages future work to understand how security organizations and specialists are preparing to adopt cognitive techniques based on learning as a security strategy. It has also proposed a possible future analysis of how our organizations can have their learning capacity (situational awareness and self-awareness) capable of establishing that it is being attacked and can establish a level of resilience. From the user's perspective, it highlights how these learning techniques can be used to strengthen cognitive processes in detecting security attacks, especially those based on social engineering techniques.

The design of cognitive models applied in cybersecurity compared to traditional security methods is based on obtaining or abstracting information from the user's cognitive processes, organization, and adversary roles, for which a cognitive model could define the following steps:

	- A. Cognitive processes Observe–Orient–Decide–Act model (OODA);
	- B. the Monitor–Analyze–Plan–Execute model (MAPE-K).
	- A. Users' or analysts' cognitive processes;
	- B. The adversary's behavioral characteristics.
