Welcome to the SecAware blog

I spy with my beady eye ...

14 Nov 2017

NBlog November 13 - a rich seam

So much of human interaction involves techniques that could legitimately be called social engineering that we're spoilt for choice on the awareness front for December.  

December's topic exemplifies the limitations of "cybersecurity" with its myopic focus on IT and the Internet. Social engineers bypass, undermine or totally ignore the IT route with all its tech controls, and that's partly what makes them such a formidable threat. 

IT may be a convenient mechanism for identifying, researching and communicating with potential victims, for putting on the appearance of legitimate, trustworthy individuals and organizations, and for administering the scams, but it's incidental to the main action: fooling the people.

Maybe it's true that you can't fool all of the people all of the time, depending on precisely what is meant by 'all'. I think it's fair to say that we are all (virtually without exception) prone, predisposed or vulnerable to social engineering of one form or another. We can't help it: social interaction is genetically programmed into us and reinforced throughout our lives from the moment we're born, or even before. Some expectant mothers report their babies respond to the music and other sounds around them. A newborn baby probably recognizes its mother's and other familiar voices and sounds immediately. To what extent it trusts or could be fooled by them is a separate issue though!

The idea that we are inherently vulnerable, while powerful, is only part of the story. We're also inherently capable of social engineering. We have the capacity, the tools and capabilities to influence and manipulate others to varying extents. Again, that newborn baby is sending out an avalanche of signals to humans in the area, from the moment of its first gasp and cry. The communications may be non-verbal but they are loud and clear!

No comments:

Post a Comment