The Role of Psychology
in Enhancing
Cybersecurity
Government + Corporation + Individual
= Humans == The Weakest Link?
Summary of the Internet Statistics for 2020
“Everything is connected, everything is vulnerable”
1/ Over 4.33 billion active internet users worldwide.
2/ 57 percent of the entire world's population has internet access.
3/ The number of companies worldwide is approaching 200 million (Walmart, Amazon, Toyota…).
4/ 195 countries in the world (country = government)
5/ More than 22 billion devices connected to the Internet.
Best way to defeat the firewall?
Principles social engineers exploit: Thinking - Feeling - Behaving
- Social proof: People tend to do things that they see other people doing.
- Reciprocity: People, in general, often believe that if someone did something nice for them,
they owe it to that person to do something nice back.
- Authority: People tend to obey authority figures, even when they disagree with the authority
figures and even when they think what they’re being asked to do is objectionable.
- Likeability: People are, generally speaking, more easily persuaded by people who they like
than by others.
- Scarcity: If people think that a particular resource is scarce, regardless of whether it actually
is scarce, they will want it, even if they don’t need it.
- Greed: Easy money.
- Goodness: Feeling bad, want to give favor….
- Consistency and commitment: social media, jobs…..
- Supportive: Like to get support or want to support.
- Taking advantage of moments: Covid-19, presidential elections, natural disasters…
Human factor remains security’s
weakest link in cyberspace.
1/ A product is secure ≠ A process is secure.
(Security technologies ≠ human behavior - psychology in security.)
2/ Technological techniques + social engineering techniques (Phishing, SMiShing,
Vishing, ...) = Real Threat
3/ My testimony 2009 - 2013 (Microbilt, LibertyData, Locateplus, Court Ventures,
Experian)
4/ It’s all about psychology. (E.g. 2017 - Equifax lost more than 150 million records,
2019 - Toyota lost $37 million, 2016 - USA’s Democratic Party lost emails, 2020
- Marriott 5.2 million records, ...)
What should we do?
1/ Government - establish different classifications of data, each with its own set of
related laws, policies, procedures, and technologies.
2/ Corporation - develop products with user-focused security, provide insurance
for users’ data, educate users with cybersecurity knowledge, ...
3/ Individual - users need to be educated through cybersecurity awareness
programs from the government, corporations and news media, ...
“Security holes in the delivered products are dangerous but security holes in the
deployed system (human factor) are even more dangerous.”
What should we do?
We are united as one
Spot Social Engineering attack!
– unusual requirements
– requiring respect for authority
– threatening with negative consequences
– giving praise and flattery
– offering something for nothing
– seems too good to be true, etc…
Social Engineering Countermeasure
– Slow down and Research the facts
– Delete any request for financial information or passwords.
– Reject requests for help or offers of help
– Don’t let a link be in control of where you land
– Do not post your personal data or photos
– Do not reveal sensitive data (e.g. passwords)
– Do not avoid policies and procedures
– Report any suspicious activity
Helpful documents:
1/ Industry of Anonymity: Inside the Business of Cybercrime - Jonathan Lusthaus
2/ Human Factors in Cyber Security: User Authentication as a Use Case - Dr
Shujun LI.
3/ Behavioral Cybersecurity: Applications of Personality Psychology and
Computer Science - Wayne Patterson, Cynthia E. Winston-Proctor
4/ The Art of Deception - Kevin Mitnick
5/ Eric Rutger Leukfeldt - Research agenda. The human factor in cybercrime and
cybersecurity.
6/ www.7onez.com (cybersecurity awareness blog)
7/ https://staysafeonline.org/stay-safe-online/online-safety-basics/
News:
1/ Top 5 Social Engineering Attacks of All Time
2/ 10 real and famous cases of social engineering attacks
3/ The Biggest Data Breaches in the first half of 2020
4/ Krebsonsecurity: Experian breach
Thank you very much!
By Hieupc

Editor's notes

  1. Many cyber breach incidents may not be the result of the archetypal hacker using technological means to get into a system. Instead, cybersecurity attacks are increasingly based primarily on social engineering techniques – the use of psychological manipulation to trick people into disclosing sensitive information or inappropriately granting access to a secure system.
  2. Brainstorm session from the audience.
     Government: tends to make things easy for businesses, cares more about its own benefits and does things at its own pace.
     Corporation: tends to build cheap and quick products with little or no user-focused security, hiring careless developers who never mind about cybersecurity for users. They also don’t follow the laws and the security and privacy standards of their industry. It’s all about money in the end: they run their product or service with a “deal with it later” mindset.
     Individual: end users tend not to care much about, or lack knowledge of, cybersecurity and privacy. They need to educate themselves by spending their precious time reading more cybersecurity and privacy guides. Besides that, government and corporations should educate the software developers, lawyers, policymakers and all of us users, who are the weakest point in cyberspace.
  3. We also need to understand that it’s difficult for governments, corporations and individuals to implement best security practices. As researchers and educators, we must address all the many different roles that we humans play in cybersecurity, beyond just the security practitioner who administers firewalls, tunes intrusion detection systems, sets stricter security/privacy policies, sets stricter privileged-account access and monitors networks. We must also educate the software developers, lawyers, policymakers and all of us users, who are unwitting accomplices of the attacker.
  4. Collaboration between government - business - people