The Travelin' Librarian Uncategorized ICIW2008: Establishing the Human Firewall: Improving Resistance to Social Engineering Attacks

ICIW2008: Establishing the Human Firewall: Improving Resistance to Social Engineering Attacks

Jamison Scheeres, Air Force Institute of Technology

  • what is social engineering
    • techniques to manipulate people
    • also shoulder surfing
    • also dumpster diving
    • trick someone into doing something
  • huge threat in today’s environment
  • red teams say SE is 100% effective
  • current defensive techniques are not effective
  • research
    • successful SEs are not caught
    • classification issues
    • ethical issues in deceiving subjects
  • psychological triggers
    • authority
    • reciprocation
    • strong affect (phishing)
    • overloading (buffer overflow for humans)
    • deceptive relationships
    • integrity/consistency
  • principles of persuasion
    • authority
    • consistency
    • liking
    • reciprocity
    • scarcity
    • social proof
  • resistance to persuasion
    • inoculation theory
    • self-efficacy
    • forewarning
  • “dispelling the illusion of invulnerability” (2002, Sagarin)
  • methodology
    • compared psych triggers to principles of persuasion
    • determine relationship between illegitimate persuasion & social engineering
  • military vulnerable to authority due to strict hierarchy of authority
  • conclusions
    • strong relationship between principles and triggers
    • illegitimate persuasion = social engineering
    • been trying to install resistance in the wrong way
    • solution is to demo to the individual they are personally vulnerable
    • security people must social engineer their people
  • future research
    • develope measurement
    • compare/validate various means of resistance training
Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.