Date post: 22-Apr-2015
Category: Technology
Upload: b-coatesworth
Human engineering
Carnegie Institute of Technology: 85 per cent of your success is due to skills in “human engineering,” your personality and ability to communicate, negotiate, and lead. Only 15 per cent is due to technical knowledge.
Effective security changes people's behaviour in a subtle way. Behavioural psychology is becoming even more important for security practitioners, helping to influence executive decisions and to change people's perspectives on security and its misconceptions, ultimately reducing risk, increasing value, and saving time.
You need to win hearts and minds. To do that, think differently…
Security Perception
Survival of the fittest
Information Security, just like the business or brand it protects, must evolve and become best “fitted,” or best “adapted,” to its environment for it to survive, and help the business to grow.
The evolution of security
ADAPT OR DIE
AGILE, FLEXIBLE, ADAPTABLE, BOLD
Security PR – spin doctors
By making security engaging, it gains more acceptance.
Security should be a positive experience for the majority of people.
Acceptance is not only good for the business, it is good for you.
Try to make security fun for your constituents, while still getting the “message” across.
Social Engineering & Phishing
“Phishing is the act of attempting to acquire information by masquerading as a trustworthy entity in an electronic communication”
Who Uses Social Engineering
We all do.
HACKERS
POLITICIANS
SALESMEN
SPIES
SCAM / CON MEN
PUA
ACTORS
MARKETERS
The Psychology of Seduction
1. Reciprocation (Favours)
2. Commitment
3. Social values
4. Liking
5. Authority
6. Scarcity
Reciprocation
We are hard-wired to respond to a favour or gift, often not in direct proportion to the size of the favour done to us.
Commitment and Consistency
Once we make a choice or take a stand, we will encounter personal and inter-personal pressures to behave consistently with that commitment.
When we “commit” we want to believe in a positive outcome.
The Principle of Social Proof
We view a behaviour to be more correct in a given situation to the degree that we see others performing it.
By leveraging the power of social networking sites such as LinkedIn and Facebook.
The Principle of Liking
Not a difficult principle to understand, we prefer to say yes to requests from someone we know and like.
The Principle of Authority
Once we realize that obedience to authority is mostly rewarding, it is easy to allow ourselves the convenience of automatic obedience.
The Principle of Scarcity
One of the most common tactics is to build time pressure. The scarcity of time often makes people comply with requests in violation of their policies and their own common sense.
Creatures of habit
Social engineering and phishing work because we are programmed to have “rituals”, and the majority of things we do day to day are habitual.
Rituals = Patterns of behaviour
Same websites
Favourite food
Friendships
Social networks
Waterholes exploit your social patterns, behaviour and rituals.
The art of Seduction
Seducers draw you in by focused individualised attention
Choose the right victim – study your prey thoroughly and choose only those susceptible to your charms
Create a false sense of security – if you are too direct early on, you risk stirring up resistance and that will never be lowered
An object of desire – to draw your victim closer, create an aura of desirability
Create temptation – find the weakness of theirs, keep it vague and stimulate curiosity
Pay attention to detail – the details of seduction, subtle gestures, thoughtful gifts tailored for them