Seductive security - Art of seduction

Apr 22, 2015

Technology

b coatesworth

The art of seduction: looking at how behavioral psychology can influence the perception of information security, and how Cialdini's principles of influence are used in phishing attacks and viral marketing.
Transcript
Page 1: Seductive security - Art of seduction

The perception of information security in a modern business.

Page 2: Seductive security - Art of seduction

Behaviour

FINANCE

TELECOMMS

HEALTHCARE

RETAIL

TECHNOLOGY

DEFENCE

Users

Human behaviour

Page 3: Seductive security - Art of seduction

Human engineering

Carnegie Institute of Technology: 85 per cent of your success is due to skills in “human engineering,” your personality and ability to communicate, negotiate, and lead. Only 15 per cent is due to technical knowledge.

Page 4: Seductive security - Art of seduction

User experience...

Page 5: Seductive security - Art of seduction

Effective security changes people's behaviour in a subtle way. Behavioural psychology is becoming even more important for security practitioners, helping to influence executive decisions and to change people's perspectives around security and its misconceptions, ultimately reducing risk, increasing value, and saving time.

You need to win hearts and minds. To do that, think differently…

Security Perception

Page 6: Seductive security - Art of seduction

Challenging Stereotypes

Page 7: Seductive security - Art of seduction

Survival of the fittest

Information Security, just like the business or brand it protects, must evolve and become best “fitted,” or best “adapted,” to its environment for it to survive, and help the business to grow.

The evolution of security

AGILE FLEXIBLE

ADAPT OR DIE

ADAPTABLE BOLD

Page 8: Seductive security - Art of seduction

Fortress Mentality

STATIC

SLOW

INEFFICIENT

Page 9: Seductive security - Art of seduction

Flexible Framework

AGILE

ADAPTABLE

EVOLVING

Page 10: Seductive security - Art of seduction

Security as a brand

Page 11: Seductive security - Art of seduction

Security PR – spin doctors

By making security engaging, it gains more acceptance.

Security should be a positive experience for the majority of people.

Acceptance is not only good for the business, it is good for you.

Try to make security fun for your constituents, while still getting the “message” across.

Page 12: Seductive security - Art of seduction

Making IT personal

Security has to appear human, and not a soulless destroyer of worlds.

NO!!!

Page 13: Seductive security - Art of seduction

IT Savvy – only human

I have won a free iPad!

O’Really…

Page 14: Seductive security - Art of seduction

The Art of Seduction*

*or, “How Information Security can improve your sex life.”

Page 15: Seductive security - Art of seduction

“Phishing is the act of attempting to acquire information by masquerading as a trustworthy entity in an electronic communication”

Social Engineering & Phishing

Page 16: Seductive security - Art of seduction

Who Uses Social Engineering

We all do.

HACKERS

POLITICIANS

SALESMEN

SPIES

SCAM / CON MEN

PUA

ACTORS

MARKETERS

Page 17: Seductive security - Art of seduction

The Psychology of Seduction

1. Reciprocation (Favours)

2. Commitment

3. Social values

4. Liking

5. Authority

6. Scarcity

Page 18: Seductive security - Art of seduction

Reciprocation

We are hard-wired to respond to a favour or gift, often not in direct proportion to the size of the favour done to us.

Page 19: Seductive security - Art of seduction

Commitment and Consistency

Once we make a choice or take a stand, we will encounter personal and inter-personal pressures to behave consistently with that commitment.

When we “commit” we want to believe in a positive outcome.

Page 20: Seductive security - Art of seduction

The Principle of Social Proof

We view a behaviour to be more correct in a given situation to the degree that we see others performing it.

By leveraging the power of social networking sites such as LinkedIn and Facebook.

Page 21: Seductive security - Art of seduction

The Principle of Liking

Not a difficult principle to understand: we prefer to say yes to requests from someone we know and like.

Page 22: Seductive security - Art of seduction

The Principle of Authority

Once we realize that obedience to authority is mostly rewarding, it is easy to allow ourselves the convenience of automatic obedience.

Page 23: Seductive security - Art of seduction

The Principle of Scarcity

One of the most common tactics is to build time pressure. The scarcity of time often makes people comply with requests in violation of their policies and their own common sense.

Page 24: Seductive security - Art of seduction

Gamification

Competition

Engagement

Increase Loyalty

Builds Empathy

Improves awareness

Page 25: Seductive security - Art of seduction

Trick or Treat

Positive reinforcement

Negative reinforcement

Page 26: Seductive security - Art of seduction

Risk reduction

Find out what people fear…

…Then make it go away.

Page 27: Seductive security - Art of seduction

Waterholes

Social proof = Social behaviour = your social profile

Page 28: Seductive security - Art of seduction

Creatures of habit

Social engineering and phishing work, as we are programmed to have “rituals”, and the majority of things we do day to day are habitual.

Rituals = Patterns of behaviour

Same websites

Favourite food

Friendships

Social networks

Waterholes exploit your social patterns, behaviour and rituals.

Page 29: Seductive security - Art of seduction

Asymmetric warfare

INTERNET

Home network Corporate network

Page 30: Seductive security - Art of seduction

Asymmetric warfare

Friends and Family

Page 31: Seductive security - Art of seduction

The art of Seduction

Seducers draw you in by focused individualised attention

Choose the right victim – study your prey thoroughly and choose only those susceptible to your charms

Create a false sense of security – if you are too direct early on, you risk stirring up resistance and that will never be lowered

An object of desire – to draw your victim closer, create an aura of desirability

Create temptation – find the weakness of theirs, keep it vague and stimulate curiosity

Pay attention to detail – the details of seduction, subtle gestures, thoughtful gifts tailored for them

Page 32: Seductive security - Art of seduction

Recap

THANK YOU