Dr. Erik J. Huffman of Handshake Leadership shared a slightly dark yet insightful session at Rocky Mountain Information Security Conference (RMISC) last week about Cyberpsychology: this is your brain on cyber. Full of dark and menacing images straight out of a Purge movie, he goes on to explain how cybersecurity is more closely related to psychology than computer science. That covid made the world technology dependent instead of the previous state of reliant and now the world is approx. 432 hackers versus 363 security professionals. The statistic visualizations below show: 1) The amount of monetary damage caused by reported cyber crime to the IC3 from 2001 to 2020 2) The number of data compromises and impacted individuals He shared that a startling 94% of hackers start with people instead of technology (this was echoed by many presentations at the conference - that people are the target, not tech). This is not balanced by the 78% of security professionals that focus on technical protections before people. Tech provides advantages for social engineering and persuasion: * More persistent than humans * Offers anonymity * Manages large amounts of data * Targets millions in seconds * Can use modalities to influence * Can go where humans cannot The Principles of Influence: - Reciprocity - Commitment and Consistency - Social Proof - Liking - Authority - Scarcity He shared the case study of a fake restaurant in the UK, the Shed at Dulwich (google it!) He went into the psychology of the brain, the Limbic System and Amygdala Hijacking, when a person’s emotional response is immediate, overwhelming, and immeasurable. Eric explained the Phases of Deployment: 1. Comfort Zone Establishment 2. Engagement Control 3. Attack 4. Confirmation His research found: * younger people were more likely to share passwords than older * one subscale is significant, perseverance - measuring the ability to remain with a task until completion and avoid becoming bored. * those who score high on self-monitoring were significantly more likely to share password compared to those who score low * cybersecurity knowledge does not matter * cyber pros revealed information just as often as everyone else! He explained the Enneagram Attack Vectors: - Perfectionist - The helper - The achiever - Individualist - Thinker - Guardian - Optimist - Challenger - Mediator Eric also explained how our Myers-Briggs letters correlate to cognitive functions: hero, parent, child and inferior types. The Big 5 Model for Cyber Victims: * Extraversion * Agreeableness * Conscientiousness * Emotional Stability * Open to new experiences The most risky personality trait? Impulsiveness! Cybersecurity is a decision based science. So what can you do? Threat and Coping Appraisals He concludes "It's not a matter of if but when". Thank you again to Dr. Erik J. Huffman of Handshake Leadership! #datamanagement #businessintelligence #dataanalytics #datasecurity #datagovernance #datastrategy #datainitiatives #datawarehouse #RMISC2023 #cybersecurity
