Last year, with the help of Dr. Michael Gerson Professor of Psychology and a slight of hand magician, we presented a lecture-demo called “Magic and CyberSecurity”.
I have always been fascinated by magic (who isn’t) and it occurred to me that there were a lot of parallels between how we as humans perceive illusions and how those same perceptions make us vulnerable to Cyber attack. Much of it all boils down to neuroscience and they way our brains process input.
Here’s an example: mirror neurons. These neurological pathways cause us to involuntarily mimic what we see. Have you ever seen someone shrug their shoulders and found yourself shrugging your shoulders? A more universal example is when someone simply smiles at us. It’s hard, not to smile back. We are neurologically predisposed to a sort of monkey-see-monkey do reaction.
When a magician leverages our perceptions through imagery or misdirection we are focused on the illusion. We want to figure it out. We drill down with all our energy and attention trying to catch them, to discover the trick. And even after all that focused concentration, we are delighted when our perceptions fail us and the magician wins. Presto change ‘O – magic. We enter into the relationship with the magician for entertainment, we know that nothing really bad is ever going to happen to us.
Guess what? Criminals read. Criminals study. If you think for a moment that they are not as crafty as magicians, think again. Sure, there are amateurs out there who take the cookie cutter approach with the same old tired phishing campaigns. But what about the ones who are as practiced and knowledgeable about human perception as a magician, or a neuroscientist? They are out there.
Framing it this way gives us pause. Treat every email you receive as a magician’s trick. Drill down deep and look as hard as you would trying to catch a magician because if you are fooled, their isn’t a reward, there’s a penalty.
rubesdontech.com 