November 8, 2022
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Social Engineering Defense
In the news this week: Over 250 US News Websites Deliver Malware via Supply Chain Attack -- AGAIN. Cyber criminals are compromising advertising networks to deliver malware to unsuspecting readers online. I started thinking about how to help you protect yourself against these types of social engineering attacks, and I remembered Robert Cialdini's "Influence: The Psychology of Persuasion." In this book, Cialdini identifies six "principles of influence" which are commonly used as sales tactics -- and this includes "selling" you on downloading malware! Let's take a look:
(1) Reciprocity: People feel indebted to those who do something for them or give them a gift. Think about this: do you take extra care to look up, smile and say "thank you" when someone holds open a door for you? Would you have looked at them and smiled if they hadn't? This translates to the "free gift!" tactic often used to get people to sign up for newsletters and such.
(2) Urgency & Scarcity: The less there is of something, the more valuable it is. The more rare and uncommon a thing, the more people want it. "Act now! Only three left in stock!" "Last chance to save!" "Only 5 slots still available!"
(3) Consistency and Commitment: People do not like to back out of deals. We’re more likely to do something after we’ve agreed to it verbally or in writing. How many times have you agreed to answer an online survey and wanted to stop but felt compelled to finish it? They got you!
(4) Liking: People prefer to say ‘yes’ to those they know and like. (How many times have you said "Sorry, no" when a friend or coworker asked you to buy their kids' band candy?) People are also more likely to favor those who are physically attractive (think about the models used to sell cars and beer), similar to themselves (read about "mirroring") or who give them compliments. Mark Twain said "I can live for two months on a good compliment."
(5) Authority: People respect authority. They want to follow the lead of real experts. ("Warren Buffett just bought this stock, click here to find out why!")
(6) Social Proof: When uncertain what to do, people look around to see what others are doing. (This is why Facebook loves to show you pages that your friends already "like.")
The bad guys use every one of these same tactics to get you to click on bad links and open infected attachments. Think before you click!
Upcoming Virtual Workshop
Eight years after its release, many organizations still find themselves struggling with how to implement the NIST CSF. In this virtual workshop, we will break it down into a simple, 7-step process that anyone can follow.
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺