Cathy Hubbs, the Chief Information Security Officer at American University, holds an intricate job that entails identifying digital risks and maintaining the University’s information security program. This work is imperative to protect the technologies and services that faculty, staff, and students use on American’s campus every day.
As a part of National Cyber Security Awareness Month, Hubbs visited Elon to give a talk on the human behavior side of cyber security data breaches. What makes us vulnerable? How do hackers use the art of persuasion to manipulate us, and gain access to our networks? See key insights from Hubbs’ early October talk below.
The behavioral aspects of hacking
Hackers are masters of the art of persuasion; they know how to exploit natural human tendencies in order to gain access to computers and networks. Be aware if you are engaging in the following processes or behaviors on the web – you may be the target of hacking or phishing.
Humans feel obligated to give back when we receive a gift or a favor. Therefore, if we are given something free by way of the internet, we may feel more obligated to trade personal information. An example of reciprocity would be providing a technologist with free study materials in exchange for sensitive information.
Once we make a choice, we feel internal pressure to behave consistently with that commitment. This is to say that if we have offered up some kind of information to an online site, we feel comfortable giving more when asked. The example Hubbs offered was a real-life scenario in which people came into an office posing as auditors and began asking about sensitive company information. Once company officials had allowed the false audit to begin, they led the “auditors” to more and more company information in order to honor the commitment to the audit to which they had previously agreed.
Once humans determine what is correct, the principle of social proof applies to the way we decide what constitutes correct behavior. A perfect example of social proof is seen in your Facebook or LinkedIn profile. If you have put a lot of effort into maintaining and perfecting your presence on social websites, you will expect others to have done the same. This principle may lead us to falsely trust profiles that may belong to hackers.
It’s probably not surprising to learn that psychologically, humans prefer to say yes to requests from someone we know and like. Hackers develop likeable and appealing presences online, or in some cases, they will recruit attractive or charming people who already have a large social network to help them phish for information.
We are unable to resist the psychological power wielded by authority. As such, if a hacker poses as someone in a superior position, like an FBI agent or government official, we are more likely to give up sensitive information when we think they are authentic.
We place value on items that we believe are in short supply. Hackers, knowing this, will phrase phishing emails with urgency, making the receiver think that if they don’t act now on a certain offer, they will not be able to partake.
If you are worried that you are the target of hacking or phishing, contact email@example.com. Looking to learn more? Check out Cathy’s talk (you must have Elon University credentials to access the video).