Jenny Radcliffe on People Hacking

Society of Corporate Compliance and Ethics (SCCE)
Contact
Liverpool-based Jenny Radcliffe, who leads Human Factor Security, is not your typical hacker, clad in a black hoodie and working out of basement. Rather than spending her time hunched over a keyboard, she seeks to hack people.

What does that mean? As she explains in this podcast, she uses persuasion, psychology and influence methods to make her way into systems, and even into physical premises. She is often hired to break alarms and see if she can talk her way into a See more +

Liverpool-based Jenny Radcliffe, who leads Human Factor Security, is not your typical hacker, clad in a black hoodie and working out of basement. Rather than spending her time hunched over a keyboard, she seeks to hack people.

What does that mean? As she explains in this podcast, she uses persuasion, psychology and influence methods to make her way into systems, and even into physical premises. She is often hired to break alarms and see if she can talk her way into a building.

She does it by capitalizing on the all-too-human aspects of our personalities, and from her experiences she has learned how phishing emails and other techniques also capitalize on human weaknesses to enable hackers to breach computer systems.

What’s both terrifying and fascinating, is how hackers take advantage of our weaknesses, tailoring their attacks, knowing that different scams work for different people and cultures. In fact, she explains that the organization culture you have, is the hack you invite. In a hierarchical organization the hacker will likely use authority principles. In a younger, less rules-driven culture attackers may use registration for a social activity as a way to steal passwords and IDs.

Hackers also take advantage of human emotions and stress. As she memorably says, “Emotion kicks logic off the cliff.” That’s why techniques such as promising a prize or threatening the release of embarrassing information can be so successful in getting people to click where they shouldn’t.

She advises companies create “cognitive firewalls” within their organization, helping employees to watch for red flags such as:

1. Any approach via email, call or social media that makes the recipient emotional

2. Mentioning money

3. The request to act, especially if asked to act quickly

How else can you protect your organization? By making it safe for people to come forward when they make a digital mistake. The more comfortable they are coming forward, the faster they will and the sooner the breach is remediated.

And how do you find the internal bad actor? That, she says, falls on the shoulders of line managers, who need to be on the lookout for changes of behavior that may indicate stress.

Listen in to learn more, including the risks that can come as employees return to the workplace. See less -

Embed
Copy

Written by:

Society of Corporate Compliance and Ethics (SCCE)
Contact
more
less

Society of Corporate Compliance and Ethics (SCCE) on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.