Cyber Security; it’s the social engineering, stupid

In preparation for an interview this week I have been researching all things cyber security. As someone from a non-technical degree and devoid of the capacity to code, I have been searching for ways to relate my own understanding and experience to this position. It turns out, this has been easier than I envisaged.
According to the Global State of Information Security Survey 2018 by PwC, 27% of cyber breach incidents are the result of an employee action. Upon doing some more digging into large cases of cyber attack, the term social engineering kept cropping up. Within an information security context, social engineering can be understood as ‘the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.’ In many ways, this concept appeared more important than the tech itself; a phishing email is no good if nobody clicks on the link. Appealing to human fear, interest and expectation for normal online interaction can provoke a panicked, irrational response which in the light of day sounds implausible. Let’s consider some examples to illustrate this point.

REVETON 2012
This cyber attack used a pop-up claiming the device had been used for illicit behaviour and an immediate fine was required. To further drive home the veracity of the request, a webcam recording was included. We have all seen that Black Mirror episode, and this tactic worked well, with many individuals opting to pay the fine to make the elusive ‘criminal activity’ disappear.



TORRENTLOCKER / CRYPTOLOCKER.F 2014
A ransomware attack dependent upon phishing emails avoided malware detection software by first directing victims to a legitimate website. Following their arrival on the site, the individual was asked to enter a CAPTCHA code regarding a missed delivery, a request that would hardly raise eyebrows. Upon completing this entry, a pop-up appeared and data was stolen, requiring payment for the retrieval of the stolen files.

What these two examples serve to demonstrate is that we are more fallible than we like to believe. It’s not always as easy to detect an attempt at gaining access to your computer as the scam email I received from Bill Gates earlier this year wanting to give me however many billion dollars for no particular reason (see below for reference), and a lot of work goes into understanding what will make you click, pay up and react before thinking.



To bring this brief post full circle, I am proposing a broader consideration of social factors to counter the successes of social engineering. Behavioural economics highlights the significance of nudge theory to encourage and steer people towards ‘correct’ or ‘rational’ decisions. Why should this not be applicable to cyber security? Companies are already grabbing hold of this and trying to innovate when pursuing the cultural shift necessary to recognise and combat cyber crime. Even something as simple as a thank you email to employees practicing good cyber hygiene has been shown to have a positive impact. So maybe it’s possible to play the cyber criminals at their own game and socially engineer businesses to exude good cyber practice, awareness and consideration.
