Page 27 - Cyber Warnings August 2017

The Human Element

               Cybersecurity’s forgotten conversation

               by Oz Alashe, CEO, CybSafe

               Almost all cyber-attacks nowadays can be attributed, in one way or another, to our innate
               human psychology.


               A famous experiment was conducted in the 1960s by Stanley Milgram, a Yale psychologist who
               was studying the limits of human obedience. Milgram’s experiment was based on two
               participants: a “teacher” and a “learner”.

               The “teacher” was told to ask questions of the “learner” and to administer an electric shock every
               time the “learner” made a mistake, increasing the level of shock each time. While the “learner”
               was an actor pretending to be the recipient of fake electric shocks, all the “teachers” were
               oblivious – under the impression that the shocks were real. 65% continued to the final,
               ‘dangerous’ shock.

               The Milgram experiment illustrates just how obedient humans can be – dangerously so – when
               asked to comply. The test goes a long way toward explaining why phishing scams have such a
               surprisingly high success rate; very simply, humans go out of their way to comply with requests.

               Emotional exploitation

               Our tendency for compliance isn’t our only shortcoming. It’s our emotionality as a whole that’s
               the problem. Feelings of curiosity, eagerness and boredom serve exceptionally well as catalysts for
               a successful phishing attack.

               Trust, in combination with our proven willingness to comply with requests, is a particularly key
               driver for phishing. Hackers succeed more, for example, when they use logos of companies that
               people have confidence in, such as Google and Amazon, as a part of phishing emails.

               Hubris is another critical accelerator for phishing attacks, and this explains why, statistically,
               technology employees are no less susceptible than other workers. People in information
               security may think they are smarter than the general population when it comes to cyber security,
               and with some irony, this puts them at greater risk.

               Alongside hubris is the issue of complacency: many people fall victim to phishing attempts
               because they are checking their email while walking or talking. It’s easier, for instance, to get
               someone to click on a malicious link on their phone.

               In the wake of a cyber security incident, fear and embarrassment often become involved.
               According to research, around one in four workers have hidden cyber security incidents from
               their employers in order to avoid punishment, and employees at 40 per cent of firms around the
               world have swept incidents under the carpet, with the likelihood increasing at larger
               organisations.

               Cyber Warnings E-Magazine – August 2017 Edition
               Copyright © Cyber Defense Magazine, All rights reserved worldwide.