Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hacking the Human Operating System- Raj Samani

Why are data breaches so commonplace?  Whether the attacks are against the energy sector as reported July 2014with over 1,000 energy companies in North America and Europe reported to have been compromised.  To other attacks targeting other sectors (e.g. Operation Troy, Operation High Roller Nightdragon, etc.) it would appear that no sector is immune from data breaches. One common theme amongst these and other attacks is the initial infection vector, namely exploiting the subconscious of a trusted employee. The modus operandi for most of the common data breaches is to leverage some form of social engineering to coerce the user into an action facilitating malware infection.

The prevalence of social engineering in many publicly disclosed cyber-attacks demonstrates either an inherent weakness in the acumen of victims to distinguish malicious communications, or that cybercriminals are using more complex methods to bypass the ‘human firewall’.  The answer of course likely lies somewhere in between these two statements, but regardless of the root case it does demonstrate that the first line of defense is evidently failing.  The default position to blame users as the cause for breaches which is not entirely fair.  Whilst there will be examples where clearly unsafe practices are being employed, our latest whitepaper “Hacking the Human Operating System” demonstrates the techniques used by attackers are to bypass the consciousness of their targets and attempt to manipulate victims through leveraging subconscious levers of influence.

The paper reviews the concept of social engineering; the techniques used within many of the recent cyber-attacks, levers used to influence victims, communication channels used, and suggested controls to reduce the risk..   Much has been written about social engineering.  The content of these sources vary widely, from definitions, to mitigation.  The purpose of the paper is to define the concepts, and introduce mitigations that go beyond simply suggesting that awareness is a panacea.

Unless we address the first line of defense, data breaches will continue to hog our Twitter timelines, and support the ever burgeoning cost of cybercrime.

Version history
Revision #:
1 of 1
Last update:
‎04-13-2015 12:06 PM
Updated by:

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community