As cybercrime grows more sophisticated day by day, so do technical defenses. But great technology is no match for an employee clicking on a simple phishing email. Psychological security is designed to protect the human mind from manipulation that leads to compromises.
Today’s guest is Adam Anderson. Adam is chairman of the board for Hook Security and a serial cybersecurity entrepreneur. He is one of the founders of the Psychological Security Movement. Psychological Security or “Psy-Sec,” was born to create new technologies and processes to help build resilient human minds that can resist manipulations through technology.
- [1:10] – Adam introduces himself as a serial cybersecurity entrepreneur who has launched 21 companies over 20 years. He is passionate about this topic.
- [2:24] – The human part of cybersecurity is always the weakest link.
- [4:01] – Chris and Adam discuss how when you work in IT, you look at things through an IT lens, but there is a human side.
- [5:21] – Security is typically an afterthought which comes after an incident.
- [5:51] – Adam breaks down the meaning of security and what types you will see within a company or corporation as being physical security and info security.
- [6:42] – Adam says that both types of security are vulnerable to social engineering.
- [7:31] – Hook Security was created after Adam worked in frustration for 20 years. He is chairman of the board and hired a successful educator as CEO who is an expert in how people learn.
- [9:23] – Adam is a firm believer that “Psy-Sec” needs to be a separate department of professionals who can work to build resilience in human brains to resist manipulation.
- [11:15] – It is unreasonable to expect the IT department to be proficient in the human interface as it is not in their skillset.
- [12:42] – Adam states that systems are 95% safe from compromise which is a great improvement, but when you have a large company, 5% is still too much.
- [13:12] – Right now, Adam is working with the cognitive brain function and explains the details on how this works in regards to psychological security.
- [15:10] – There are two ways to lay down memories and “fight or flight.” One is through fear and one is through humor.
- [16:27] – People are better at remembering something that made them laugh and Adam trains people with this in mind.
- [18:26] – Hook Security provides Security Awareness Training that people actually enjoy.
- [19:06] – Hook Security is being very careful with how they present their findings and taking their time with the science elements involved so that it is used for good and not as a tool for attackers.
- [21:54] – Social engineering is no different from simple marketing. Marketing is there to show you something that you may find valuable and hope that you click on it. Social engineering is the same, but “with a different punch line.”
- [22:56] – There’s a database. You’re in it. You are a product. If you are getting something for free or are paying something low, you are the product. Adam uses a Netflix example to demonstrate this.
- [24:52] – With the way YouTube and Netflix work, you are trusting big corporations to have your best interests at heart.
- [25:52] – We are all wired to help others. These hard-wired responses allow marketers and attackers to take advantage.
- [27:16] – Chris and Adam discuss that the way marketing works is not a bad thing because they want to see the recommendations based on their interests. But they can be used negatively.
- [28:39] – Fake news and “echo chambers” that we find ourselves in are designed to polarize people to different extremes.
- [30:02] – Just like marketers who know who they are targeting to sell to, cybercriminals know what your triggers are to manipulate you into a compromising situation.
- [31:46] – There are different types of triggers that cause us to fall for scams.
- [32:08] – These triggers are wonderful when they happen organically and to help others but are terrifying when they are used against us.
- [33:53] – Learning how to pause and evaluating whether something is true or not is crucial. If you can’t do that, Adam says to “reprogram your auto-pilot.”
- [36:14] – Your perception of the phone is that it is something that you get a lot of value from but it is also a place where people will call you and text you with fraudulent stuff. Some people can pause and question it and some cannot.
- [38:12] – We all have blind spots and we don’t know what they are, so always have a support system to get others’ opinions on the matter before making certain choices.
- [39:50] – It is imperative that we treat this seriously. We are throwing a burden on our “nerds” by having them try to understand the nuances of the human brain.
- [41:39] – None of this science is new. We just need to apply it.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.