{"id":3470,"date":"2019-02-18T08:25:52","date_gmt":"2019-02-18T08:25:52","guid":{"rendered":"http:\/\/homodigitalis.gr\/posts\/3470"},"modified":"2023-06-30T09:31:04","modified_gmt":"2023-06-30T07:31:04","slug":"ignoring-data-analysis-inferences-copy","status":"publish","type":"post","link":"https:\/\/homodigitalis.gr\/en\/posts\/3470\/","title":{"rendered":"Social Engineering as a threat to Society"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column column_width_use_pixel=&#8221;yes&#8221; gutter_size=&#8221;3&#8243; overlay_alpha=&#8221;50&#8243; shift_x=&#8221;0&#8243; shift_y=&#8221;0&#8243; shift_y_down=&#8221;0&#8243; z_index=&#8221;0&#8243; medium_width=&#8221;0&#8243; mobile_width=&#8221;0&#8243; uncode_shortcode_id=&#8221;163033&#8243; column_width_pixel=&#8221;746&#8243;][vc_column_text el_class=&#8221;blogtext&#8221; uncode_shortcode_id=&#8221;562056&#8243;]<em>Written by Anastasios Arampatzis*<\/em><\/p>\n<p>Social Engineering is defined as the psychological manipulation of people into performing actions or divulging confidential information. It is a technique that exploits our cognitive biases and our basic instincts, such as trust, for the purpose of information gathering, fraud or system access. Social engineering is the \u201cfavourite\u201d tool of cyber criminals and is now primarily used through social networking platforms.<\/p>\n<p><strong>Social Engineering in the context of cyber-security<\/strong><\/p>\n<p>The conduct of staff has a significant impact on the level of an organisation\u2019s cyber-security, which by extension means that social engineering is a major threat.<\/p>\n<p>The way we train our staff in cyber-security affects the cyber-security of our organisation as such. 
Recognising the cultural background of our company\u2019s staff and planning their training in a way that responds to various cognitive biases can aid the establishment of effective information security. The ultimate objective should be the development of a cyber-security culture, in the sense of the attitudes, notions, cognition and behaviour that contribute to protecting the sensitive and relevant information of an agency. A substantial part of cyber-security culture is awareness of the risk of social engineering. If employees do not consider themselves part of this effort, then they disregard the security interest of the organisation.<\/p>\n<p><strong>Cognitive exploitation<\/strong><\/p>\n<p>The various techniques of social engineering are based on specific characteristics of the human decision-making process, which are known as cognitive biases. These biases are by-products of the brain and its process of finding the easiest possible way to process information and take decisions swiftly. For example, one characteristic bias is representativeness, namely the tendency to group related items or events. Each time we see a car, we do not have to remember the manufacturer or the colour. Our mind sees the object, the shape, the movement and indicates that this is a \u201ccar\u201d. Social engineers exploit this characteristic by sending phishing messages. We receive a message with the Amazon logo and we do not check whether it is genuine. Our mind says that it comes from Amazon, which we trust, and so we click the link and give away our personal data, such as our card number. Similar attacks, such as manipulation or fraud by phone, aim at the interception of confidential information from staff. 
A person who is not adequately trained to face such attacks will not even realise that they exist.<\/p>\n<p><strong>Principles of Influence<\/strong><\/p>\n<p>Social engineering is largely based on the six principles of influence, as outlined in Robert Cialdini\u2019s book \u201cInfluence: The Psychology of Persuasion\u201d, which briefly are:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li><strong>Reciprocity:<\/strong> obligation to give when you receive<\/li>\n<li><strong>Consistency:<\/strong> looking for and asking for commitments that can be made<\/li>\n<li><strong>Consensus:<\/strong> people will look to the actions of others to determine their own<\/li>\n<li><strong>Authority:<\/strong> people will follow credible knowledgeable experts<\/li>\n<li><strong>Liking:<\/strong> people prefer to say yes to those that they like<\/li>\n<li><strong>Scarcity:<\/strong> people want more of those things there are less of<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><strong>The scandal of Cambridge Analytica<\/strong><\/p>\n<p>After the election of President Trump, many media outlets discussed the possibility that social engineering strategies might have been used to influence public opinion. The revelations about Cambridge Analytica and the use of Facebook users\u2019 data do not only raise doubts as to data privacy and the lack of user consent, but also demonstrate the ease with which companies can plan and mount social-engineering campaigns against a whole society.<\/p>\n<p>As with commercial advertising, it is very important to know your target group in order to reach your goal with the least possible effort. This is true for every influence campaign, and what the Cambridge Analytica scandal proved is that social engineering is not only a threat to the cyber-security of a company or an agency.<\/p>\n<p>Social engineering is a threat to political stability and to free and independent political dialogue. 
The advertising techniques used on social networking platforms raise many ethical dilemmas. Political manipulation and the spreading of misinformation and disinformation largely alleviate the existing moral issues.<\/p>\n<p><strong>The threat to Societies<\/strong><\/p>\n<p>Is it possible for social engineering to trigger a war or social unrest? Is it possible for foreigners to deceive the citizens of a state into voting against their national interest? If a head of a State (I will not use the word leader) wants to manipulate his\/her State\u2019s citizens, can he\/she succeed? The answer to all these questions is yes. Social engineering through digital platforms, which have invaded every social structure, is a very serious threat.<\/p>\n<p>The fundamental idea of democracy is that the power is vested in the people and exercised directly by them. Citizens can express their opinions through an open, protected and free dialogue. Accountability, especially of government officials, but also of individuals, is an equally important principle of democracy. Through the mass collection and exploitation of personal data with no accountability, these principles are endangered.<\/p>\n<p>However, at this point it should be noted that it is not only social networking platforms, such as Facebook, that are to blame for any disinformation campaign or political manipulation. These platforms actually reflect our actions. We create our own sterile world, our \u201ccircle of trust\u201d. Therefore, the threat is not the means themselves, even if they bear a share of responsibility for the way they collect data and for their advertising practices. The real threat is those with devious intent and the way they exploit these platforms.<\/p>\n<p>Large-scale social engineering campaigns, which take advantage of human trust, contaminate public dialogue with misinformation, distort reality and can pull societies back from the brink. The truth is doubted more than ever and political polarisation is increasing. 
Spreading news on social media with no accountability leads to political distortion, lack of confidence in the political system and the election of extreme political parties. In brief, social engineering is a serious threat to social and political stability.<\/p>\n<p><strong>Response to the threat<\/strong><\/p>\n<p>The key to tackling social engineering, considering that its tactics target our lack of knowledge, our unawareness and our prejudices, is awareness. The approach of raising awareness has a dual effect: on the one hand we can develop strategies and good practices to confront social engineering as such; on the other hand we can develop policies to reduce the effects of social engineering.<\/p>\n<p>In contrast to how we respond to malicious software, to address social engineering we cannot just \u201cinstall\u201d some kind of software on humans in order to stay safe. As Christopher Hadnagy notes in his book \u201cSocial Engineering, The Art of Human Hacking\u201d, social engineering requires a holistic, people-focused approach, centred on the following axes:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Learning to recognise social engineering attacks<\/li>\n<li>Creation of a personalised program on cyber-security awareness<\/li>\n<li>Awareness of the value of the information sought by social engineers<\/li>\n<li>Constantly updated software<\/li>\n<li>Exercises through simulation software and \u201cserious\u201d games (gamification)<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>Confronting social engineering should become part of wider training in digital security. To combat social engineering at the level of society we should be trained in the vulnerability of modern means of communication (e.g. social media), the reasons why they can be used to manipulate people (e.g. personalised advertising, political communication) and the ways in which they are manipulated (e.g. fake news). 
Awareness is the key to developing critical thinking against social engineering.<\/p>\n<p>*<em>Anastasios Arampatzis is a member of Homo Digitalis and a demobilised Officer of Air Force with more than 25 years\u2019 experience in relevant aspects of information security. During his time in the Office of Air Force, he was a certified NATO evaluator in cyber-security cases and has been honoured for his knowledge and his efficiency. Nowadays, he is a columnist for Tripwire\u2019s State of Security and for the Venafi blog. His articles have been published on many well-respected websites.<\/em>[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Anastasios Arampatzis explains the notion of social engineering and the threats arising from it to businesses and society<\/p>\n","protected":false},"author":7,"featured_media":3472,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"give_campaign_id":0,"footnotes":""},"categories":[61],"tags":[],"class_list":["post-3470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/posts\/3470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/comments?post=3470"}],"version-history":[{"count":1,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/posts\/3470\/revisions"}],"predecessor-version":[{"id":120002,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/posts\/3470\/revisions\/120002"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/media\/
3472"}],"wp:attachment":[{"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/media?parent=3470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/categories?post=3470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/homodigitalis.gr\/en\/wp-json\/wp\/v2\/tags?post=3470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}