Podcast: Play in new window | Download (Duration: 13:54 — 12.8MB)
Subscribe: Apple Podcasts | Google Podcasts | Stitcher | Email | TuneIn | RSS
Liverpool-based Jenny Radcliffe, who leads Human Factor Security, is not your typical hacker, clad in a black hoodie and working out of basement. Rather than spending her time hunched over a keyboard, she seeks to hack people.
What does that mean? As she explains in this podcast, she uses persuasion, psychology and influence methods to make her way into systems, and even into physical premises. She is often hired to break alarms and see if she can talk her way into a building.
She does it by capitalizing on the all-too-human aspects of our personalities, and from her experiences she has learned how phishing emails and other techniques also capitalize on human weaknesses to enable hackers to breach computer systems.
What’s both terrifying and fascinating, is how hackers take advantage of our weaknesses, tailoring their attacks, knowing that different scams work for different people and cultures. In fact, she explains that the organization culture you have, is the hack you invite. In a hierarchical organization the hacker will likely use authority principles. In a younger, less rules-driven culture attackers may use registration for a social activity as a way to steal passwords and IDs.
Hackers also take advantage of human emotions and stress. As she memorably says, “Emotion kicks logic off the cliff.” That’s why techniques such as promising a prize or threatening the release of embarrassing information can be so successful in getting people to click where they shouldn’t.
She advises companies create “cognitive firewalls” within their organization, helping employees to watch for red flags such as:
- Any approach via email, call or social media that makes the recipient emotional
- The mentioning of money
- The request to act, especially if asked to act quickly
How else can you protect your organization? By making it safe for people to come forward when they make a digital mistake. The more comfortable they are coming forward, the faster they will and the sooner the breach is remediated.
And how do you find the internal bad actor? That, she says, falls on the shoulders of line managers, who need to be on the lookout for changes of behavior that may indicate stress.
Listen in to learn more, including the risks that can come as employees return to the workplace.