Cyber Security Should Consider Human Emotion and Social Engineering

Sue Marquette Poremba
Slide Show

The Cost of Cyber Crime

Cyber attacks continue to occur frequently and result in serious financial consequences for businesses and government institutions.

I watched President Obama's address to Congress on Thursday night, and afterwards, rather than go into the usual post-speech break-down, the pundits immediately announced the news of a potential 9-11 terror threat. That news made the actions of the Script Kiddies even more alarming than the usual hack attacks.


On Friday, the hacking group allegedly broke into the NBC News Twitter feed to announce "breaking news" of a terrorist attack on the Ground Zero site. None of the attacks from the various anonymous groups or Anonymous spin-offs should be tolerated, but frankly, this one was outright cruel. I was glad to read that the FBI is all over it. In fact, The Associated Press reported that the FBI, Homeland Security and other law enforcement and government agencies are taking the actions of the hackers very seriously and are making arrests.


To me, the hacked Twitter account is a good indication of where we are in terms of cyber security over the past decade. An article posted to discusses how things have progressed over the past 10 years - how we have to worry about malware like Stuxnet, the rise of mobile devices and how they've changed the cyber landscape. It also pointed out that our current thinking of cyber security has to change. If it is something that can be operated by a computer, there is a good chance it will eventually be targeted by bad guys. The article also went on to say:

The fact of the matter is that more of the activities we do and the devices we use every day are connected to the Web. It shouldn't come as much of a surprise that attackers are expected to exploit this trend. So one additional thing to keep an eye on is the escalated struggle we will have in balancing new technology's capabilities and our privacy.

I think that's a very important point. What the article didn't mention, however, is how social engineering plays off our attachment to our computers, to social media and to the devices that make our world go round.


To see how important social engineering is to cyber attacks, take a good look at any social media feed. Two or three times a week, I see warning messages on Facebook, the same ones over and over again (often by the same group of friends) who are simply reacting to something they've heard, and not thinking logically or taking the time to investigate its legitimacy before passing along the item. Taking advantage of one of the emotional triggers - fear - that can cause irrational acts has to be considered in the way we think of cyber security in a changing world. Technology will change; the way humans react will not.

Add Comment      Leave a comment on this blog post
Sep 13, 2011 5:05 AM George V George V  says:

I for one would highly recommend watching one of the guys from IOActive Mike Ridpath Social Engineering through the phone talks. They are amazing. I was really surprised at how easily obtainable information can be when on the other end a professional social engineer is at work.

Sep 26, 2011 8:27 AM HongwenZhangWedge HongwenZhangWedge  says:

While I agree these attacks are cruel, it's the same social engineering that causes these attacks to be successful. Trusting your friend is sharing a safe video is exactly what the hacker is relying on. The only way to prevent these attacks completely is by being conscious and cautious of what you click on. With enterprises allowing the use of social media and mobile devices on internal networks, they are at risk of data breaches. One of the ways they can protect themselves is by ensuring network layer Data Leakage Prevention (DLP) to prevent the outflow of user data. Our company, Wedge Networks continues to lead the efforts through Deep Content Inspection to prevent the good things from flowing out and the bad things from flowing in.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.