Seductive security - Art of seduction

The art of seduction: a look at how behavioural psychology can influence the perception of information security, and how Cialdini's principles of influence are used in phishing attacks and viral marketing.

Published in: Technology

  1. The perception of information security in a modern business.
  2. Behaviour: FINANCE, TELECOMMS, HEALTHCARE, RETAIL, TECHNOLOGY, DEFENCE. Users. Human behaviour.
  3. Human engineering. Carnegie Institute of Technology: 85 per cent of your success is due to skills in “human engineering,” your personality and ability to communicate, negotiate, and lead. Only 15 per cent is due to technical knowledge.
  4. User experience...
  5. Security Perception. Effective security changes people's behaviour in a subtle way. Behavioural psychology is becoming even more important for security practitioners, helping to influence executive decisions and to change people's perspectives around security and its misconceptions, ultimately reducing risk, increasing value, and saving time. You need to win hearts and minds. To do that, think differently…
  6. Challenging Stereotypes
  7. The evolution of security. Survival of the fittest: Information Security, just like the business or brand it protects, must evolve and become best “fitted,” or best “adapted,” to its environment for it to survive and help the business to grow. AGILE, FLEXIBLE, ADAPT OR DIE, ADAPTABLE, BOLD
  8. Fortress Mentality: STATIC, SLOW, INEFFICIENT
  9. Flexible Framework: AGILE, ADAPTABLE, EVOLVING
  10. Security as a brand
  11. Security PR – spin doctors. By making security engaging, it gains more acceptance. Security should be a positive experience for the majority of people. Acceptance is not only good for the business, it is good for you. Try to make security fun for your constituents, while still getting the “message” across.
  12. Making IT personal. Security has to appear human, and not a soulless destroyer of worlds. NO!!!
  13. IT Savvy – only human. I have won a free iPad! O’Really…
  14. The Art of Seduction* (*or, “How Information Security can improve your sex life.”)
  15. Social Engineering & Phishing. “Phishing is the act of attempting to acquire information by masquerading as a trustworthy entity in an electronic communication”
  16. Who engages in social engineering? Who uses social engineering? We all do. HACKERS, POLITICIANS, SALESMEN, SPIES, SCAM / CON MEN, PUA, ACTORS, MARKETERS
  17. The Psychology of Seduction: 1. Reciprocation (Favours); 2. Commitment; 3. Social values; 4. Liking; 5. Authority; 6. Scarcity
  18. Reciprocation. We are hard-wired to respond to a favour or gift, often not in direct proportion to the size of the favour done to us.
  19. Commitment and Consistency. Once we make a choice or take a stand, we will encounter personal and inter-personal pressures to behave consistently with that commitment. When we “commit” we want to believe in a positive outcome.
  20. The Principle of Social Proof. We view a behaviour to be more correct in a given situation to the degree that we see others performing it. By leveraging the power of social networking sites such as LinkedIn and Facebook.
  21. The Principle of Liking. Not a difficult principle to understand: we prefer to say yes to requests from someone we know and like.
  22. The Principle of Authority. Once we realize that obedience to authority is mostly rewarding, it is easy to allow ourselves the convenience of automatic obedience.
  23. The Principle of Scarcity. One of the most common tactics is to build time pressure. The scarcity of time often makes people comply with requests in violation of their policies and their own common sense.
  24. Gamification: Competition, Engagement, Increase Loyalty, Builds Empathy, Improves awareness
  25. Trick or Treat: Positive reinforcement, Negative reinforcement
  26. Risk reduction. Find out what people fear… …Then make it go away.
  27. Waterholes: Social proof = Social behaviour = your social profile
  28. Creatures of habit. Social engineering and phishing work, as we are programmed to have “rituals”, and the majority of things we do day to day are habitual. Rituals = Patterns of behaviour: same websites, favourite food, friendships, social networks. Waterholes exploit your social patterns, behaviour and rituals.
  29. Asymmetric warfare: INTERNET, Home network, Corporate network
  30. Asymmetric warfare: Friends and Family
  31. The art of Seduction. Seducers draw you in by focused individualised attention. Choose the right victim – study your prey thoroughly and choose only those susceptible to your charms. Create a false sense of security – if you are too direct early on, you risk stirring up resistance and that will never be lowered. An object of desire – to draw your victim closer, create an aura of desirability. Create temptation – find the weakness of theirs, keep it vague and stimulate curiosity. Pay attention to detail – the details of seduction, subtle gestures, thoughtful gifts tailored for them.
  32. Recap. THANK YOU
