According to the Global State of Information Security Survey 2018 by PWC, 27% of cyber breach incidents are the result of an employee action. Upon doing some more digging into large cases of cyber attack, the term social engineering kept cropping up. Within an information security context, social engineering can be understood as ‘ the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.’ In many ways, this concept appeared more important than the tech itself; a phishing email is no good if nobody clicks on the link. Appealing to human fear, interest and expectation for normal online interaction can provoke a panicked irrational response which in the light of day sounds implausible. Let’s consider some examples to illustrate this point.
REVETON 2012
This cyber attack used a pop up claiming the device had been used for illicit behaviour and an immediate fine was required. To further drive home the veracity of the request, a webcam recording was included. We have all seen that black mirror episode, and this tactic worked well, with many individuals opting to pay the fine to make the elusive ‘criminal activity’ disappear.
TORRENT-LOCKER/ CRYPTO LOCKER F 2014
A ransomware attack dependent upon phishing emails avoided malware detection software by first directing victims to a legitimate website. Following their arrival on the site the individual was asked to enter a CAPTCHA code regarding a missed delivery, a request that would hardly raise eyebrows. Upon completing this entry, a pop up appeared and data was stolen, requiring payment for the retrieval of the stolen files.
What these two examples serve to demonstrate is that we are more fallible than we like to believe. It’s not always as easy to detect an attempt at gaining access to your computer as the scam email I received from Bill Gates earlier this year wanting to give me however many billion dollars for no particular reason. (See below for reference) and a lot of work goes into understanding what will make you click, pay up and react before thinking.
To bring this brief post full circle, I am proposing a broader consideration of social factors to counter the successes of social engineering. Behavioural economics highlights the significance of nudge theory to encourage and steer people towards ‘correct’ or ‘rational’ decisions. Why should this not be applicable to cyber security? Companies are already grabbing hold of this and trying to innovate when pursuing the cultural shift necessary to recognise and combat cyber crime. Even something as simple as a thank you email to employees practicing good cyber hygiene has been shown to have a positive impact. So maybe it’s possible to play the cyber criminals at their own game and socially engineer businesses to exude good cyber practice, awareness and consideration.
Creative Web Studio - The Cyber Defense Company bietet als zertifiziertes Unternehmen lösungsorientierte und zeitgemässe ICT-Services für KMUs an Hauptfokus: Cloud, IT-Security und Informatik.The Cyber Defense Company
ReplyDeleteI was reading some of your content on this website and I conceive this internet site is really informative ! Keep on putting up. best security company in singapore
ReplyDeleteI found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... https://best-seo-singapore.blogspot.com/2021/09/take-look-at-pinnacle-security-firms-in.html
ReplyDeleteI was looking at some of your posts on this website and I conceive this web site is really instructive! Keep putting up.. https://securityguardagency2345.blogspot.com/2021/09/guard-agency-offerings-provide-and.html
ReplyDeleteHello I am so delighted I located your blog, I really located you by mistake, while I was watching on google for something else, Anyways I am here now and could just like to say thank for a tremendous post and a all round entertaining website. Please do keep up the great work. best cambodian security company
ReplyDeleteI have been checking out a few of your stories and i can state pretty good stuff. I will definitely bookmark your blog princesecurityservice.com
ReplyDeleteThat appears to be excellent however i am still not too sure that I like it. At any rate will look far more into it and decide personally! security company in cambodia
ReplyDeleteThanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me. security services
ReplyDeleteMost of the time I don’t make comments on websites, but I'd like to say that this article really forced me to do so. Really nice post! https://penzu.com/p/7a1e7bc2
ReplyDeleteI found your this post while searching for some related information on blog search...Its a good post..keep posting and update the information. https://bestsecuritycompany.jimdosite.com/
ReplyDeleteThis is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post! security service in cambodia
ReplyDeleteWe are really grateful for your blog post. You will find a lot of approaches after visiting your post. I was exactly searching for. Thanks for such post and please keep it up. Great work. security guard
ReplyDeleteprecision machining Wow, cool post. I'd like to write like this too - taking time and real hard work to make a great article... but I put things off too much and never seem to get started. Thanks though.
ReplyDeleteWow, cool post. I'd like to write like this too - taking time and real hard work to make a great article... but I put things off too much and never seem to get started. Thanks though. Cambodia security services
ReplyDeleteI would like to thank you for the efforts you have made in writing this article. I am hoping the same best work from you in the future as well. Thanks... https://site-7255119-686-9329.mystrikingly.com
ReplyDeleteWhen you use a genuine service, you will be able to provide instructions, share materials and choose the formatting style. best security company in cambodia
ReplyDeleteI found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... security company in phnom penh
ReplyDeleteWow, excellent post. I'd like to draft like this too - taking time and real hard work to make a great article. This post has encouraged me to write some posts that I am going to write soon. https://securityserviceincambodia966140255.wordpress.com/
ReplyDeleteIt was wondering if I could use this write-up on my other website, I will link it back to your website though.Great Thanks. best security services to get
ReplyDeleteAwesome article. Really looking forward to read more. Keep writing.
ReplyDeletesecurity guard phnom penh
This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. cctv camera
ReplyDeleteReally I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. https://security-s-school-e447.thinkific.com/courses/your-first-course
ReplyDeleteYou made such an interesting piece to read, giving every subject enlightenment for us to gain knowledge. Thanks for sharing the such information with us to read this... private security company
ReplyDeleteThis is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free. best security guard sihanoukville
ReplyDeleteReally I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. https://penzu.com/p/c6fb271f
ReplyDelete
ReplyDeleteInstagram boosts your scope and commitment. Instagram has multiple times more reach and supporter commitment than Facebook, and a surprising multiple times more reach than Twitter. best temp email
This particular is usually apparently essential and moreover outstanding truth along with for sure fair-minded and moreover admittedly useful My business is looking to find in advance designed for this specific useful stuffs… https://mulligan75.wixsite.com/my-site/post/the-best-security-guard-training
ReplyDelete