Concerned about cyber security and Info security? Then you have to read this.
JUST HOW MUCH sensitive information can an unscrupulous “hacker” glean from you, your colleagues or staff? If you think “not much”, you’re mistaken.
If you are part of an organisation, are connected to the Internet, and you have employees, then you are at risk. Actually, you are at risk from more than just one angle, but for the moment let’s ignore the Insider Threat, and concentrate on a risk that you may not even have considered…
Wee Mary in accounts.
Seriously. You see, the main threat to your info security is not some faceless, hooded hacker in a dim and distant basement. Rather, it is the very real possibility of an employee inadvertently giving out information. Or of any company employee with access to a keyboard and the internet clicking on a link and connecting to some website you’d rather they didn’t.
Next thing you know, you are the target of fraud or ransomware.
Most people think of a “hacker” as somebody with highly developed computer skills who breaks into accounts. But that’s not how it’s happening nowadays.
More recently, the hacker is somebody who “tricks” the target – a customer, employee or service agent – into opening the way for them. This strategy has been given the title “Social Engineering”. And it is how more than two-thirds of security breaches are achieved these days.
Rather than the whiz-kid “hackers” we hear so much about in the media, these fraudsters are “social engineers”; crafty individuals who exploit the one weakness found in each and every organisation: human psychology.
Using any means at their disposal, these attackers will employ everything from phone calls to social media in order to trick employees into giving them access to sensitive information.
Indeed, the most effective and efficient way for somebody to access and play havoc with your system is by employing Social Network techniques and skills. And the reason is that these techniques utilise the weakest point – the Human Factor.
In my keynote addresses and workshops with companies, I define Social Engineering as: “The psychological manipulation of people into performing actions or divulging confidential information”.
Now, as a performer of “mind reading” (or mentalism), the definition of my “art” is the “…ability to read body language or to manipulate the subject subliminally through psychological suggestion”. And I use pseudo-scientific subterfuge to achieve that.
A Social Engineer will “Change perceptions or behaviour using the psychological manipulation of others to gather information.”
Well, as a mentalist / mind magician, that is exactly what I do for a living! The only difference is, I don’t use my skills for fraud, or to access your infosecurity. Indeed, if I wasn’t doing this for entertainment, I would be a crook. I would be your enemy.
When I’m performing on stage, I play with the perceptions of my audience. I gain information – without the participant being aware how I’m doing it – then reveal it as a sort of “mind reading” demonstration (rather than using that information unethically or for reasons of fraud).
So, though the worlds of stage entertainment and infosecurity may seem quite different, they have a great deal more in common than you might initially think.
And with more than two thirds of cyber security breaches being of the Social Engineering flavour, it’s hardly surprising that the most powerful hack is Social Engineering – gathering information by tricking people into doing what the crook wants.
How powerful is it? Well, as part of my stage performance, I offer a selection of books to a participant. He selects one, then flicks back and forward through the pages, selects a page, a paragraph and any word. You can’t get much more random than that. I get the participant to imagine that the word is his password to his computer… Then within around three minutes, I write something down on my pad. The word I have written down (nine times out of ten!) is the word he was thinking of – his password.
Make no mistake; the underlying principle I use to achieve this result has parallels with the techniques used by Social Engineers.
I’ve given numerous keynote addresses at Cyber Security events and conferences throughout the UK, including Stirling University (NHS), SBRC “Insider Threat” (Royal Bank of Scotland), RSA (Kings Place, London), and Hargreaves Lansdown (Bristol).
At each and every one, delegates were astonished and amazed – and hopefully a little concerned – at just how easily and quickly I could harvest “secret” information. What’s more, they had little idea exactly how I was doing it. Now, if I can do that with hardened security experts, what chance does one of your employees have? Unless they are made aware just how easily they can be psychologically manipulated, and how real the threat is.
When it comes to Phishing, the attacker tries to learn information such as login credentials or account information. They do this using a selection of techniques and skills. Once they have that information (whereas I reveal it, so it looks like mind reading) they use it for a ransomware attack or some other form of cyberextortion.
During my “mind magic” and mind reading shows I use mentalism techniques to get even the smallest scrap of information. From there, I can build upon it, rather like building a jigsaw, piece by piece, till I have all the information I need. And that’s exactly how a Social Engineer works. The only difference is that you, your colleague, or your employee won’t be standing on a stage, having their mind read. And the result could be devastating to the company.
Hi-tech hacking versus Social Engineering? Perhaps Houdini said it best when he said: “Why pick the lock? It’s easier if you have the key.”
Well, in my performance I don’t even need the key. I use pseudo-scientific subterfuge in order to get people to open the door for me. I manipulate people to give me the information I need, without them even being aware that I’m doing it. They give me information, and they are unaware of the fact.
And that’s fine, because it’s me, and it’s for entertainment. Not so fine and dandy if it’s an unscrupulous fraudster who’d really like to get hold of the sensitive information on your computer.
You can read more about the threat of Social Engineering, and Drew McAdam’s views, in this article: http://www.itpro.co.uk/security/24538/mind-reading-hackers-are-stealing-your-data
WHO IS DREW McADAM?
Drew McAdam is an entertainer based in Central Scotland. He has performed his distinctive form of pure mind magic across the UK and from the United States to Russia, from Europe to Africa – and most places in-between. Though mainly performing in the corporate market, he often performs in theatre and on TV – and had his own series with the BBC. While specialising in corporate after dinner astonishment and cabaret performances, he loves nothing more than taking his spellbinding demonstrations to private functions, parties and weddings.
If your requirement is for entertainment that is uniquely practical and practically unique… Get in touch.