In an ideal world, staff take note of an organization's policy and are trained and guided in the organization's purpose and in how to act at its various levels. This results in knowledge of the rules of conduct and respect for the code of conduct and the 'mission statement'. But are that policy and those rules, usually recorded in management notes and well documented, also known to staff? And how are they actually dealt with in practice? It doesn't have to be difficult; repetition is the power of the statement. Just like, for example, an emergency response exercise or a management day, this could also be trained regularly, or at least brought to attention. Companies should encourage themselves internally to provide training and guidance as part of the corporate culture, a piece of 'education', in which the interpretation of integrity in all its facets is tested.
Integrity is 'black and white'; there is no grey area. Things go wrong when that grey area is searched for. The will to explore characterizes the desire to knowingly 'colour outside the lines'. It's a sliding scale, using moral excuses (“everyone does it”, “I only do it out of curiosity”, “I'm just a small link in the whole”, etc.). On the other hand, employees are also not questioned by line managers or colleagues about their actions or about suddenly outlandish possessions. Due to a lack of supervision, or better, social control, the search for malicious opportunities thrives, even up to a criminal level. The lack of supervision is in turn fuelled by hiding too easily behind the General Data Protection Regulation (GDPR), the privacy legislation. Perhaps this stems from a misinterpretation of social norms or from failing to enter into a conversation with staff members: sincerely wanting to know what is going on, showing interest in the mood of the employee. Is he/she comfortable in his/her own skin? How are the children doing at home? Such interaction remains a form of communication in which attention to one's fellow human being, on social grounds, is needed for people to feel recognized and heard in the organization. Conversely, if those social contacts and that attention are not forthcoming, a sense of being ignored and of loneliness can set in. In some cases, this can lead to an aversion to the organization and/or to the work in relation to the reward given for it. For the record, it used to seem quite normal to communicate with the staff, but now that is all a bit more strained. One possibility is that this has largely been moved to digital communication.
Does that encourage corruption? A large part remains the responsibility of the individual, but opportunity determines the mood and therefore the moment. If a staff member is prone to corruption, the opportunity arises and the chance of being caught is nil, then the blessings are very quickly counted as positive.
But what is meant by corruption, and why is the social engineer so interested in it? Corruption, like the concept of fraud, is difficult to define. Both concepts are collective names. Corruption could be described as "abusing granted powers or power for personal gain". In any case, it is unfair behaviour in which you can say that two or three parties are involved: someone who wrongly uses his power or influence to favour another party for a reward (provider), and the person who proposes or provides this reward (questioner). These two are inextricably linked. Where there is a market, there are suppliers, and vice versa.
The question arises how those two (questioner and provider) find each other and where that market is located. Openly advertising fake identity cards will immediately lead to a visit from the authorities as well as the police. People often find each other on the Dark Web, but the possibility that it happens under our eyes is just as plausible. In addition, anyone who facilitates corrupt acts is complicit in those acts. The customer, i.e. the person who derives an advantage through these actions, acts as a receiver (a 'fence') and is therefore personally liable.
Improper actions (corruption) are often accompanied by deviant behaviour: deceiving, influencing, spreading dis/misinformation, having money and goods for no valid reason, extortion, making inappropriate use of the resources of the organization (he who ships apples eats apples), etc. The risks, such as reputational damage, dismissal, fines and prison sentences, apparently do not outweigh the expected benefit. The strange thing is that many may be doing this consciously or unconsciously at their own level, so that compromise is lurking. The social engineer experiences that "everyone has their price", and that is precisely why human hacking (social engineering) attacks are so lucrative. Often the other person does not know that an attempted hack is taking place, simply because the modus operandi is not recognized. In addition, deviant behaviour is difficult to determine. To use a loaded word again, 'social control' could create a huge barrier for those who knowingly want to take advantage of improper actions. This calls for offering more of a listening ear and being open to the problems of others: know what is going on.
Ultimately, the credo should be: 'educate'! Make sure that staff, line managers, gatekeepers, etc. are at least armed with the knowledge of how human hacking, i.e. social engineering (including deception and influence), works. Now that all attention is on the phenomenon of phishing mail, vishing and smishing (including e.g. WhatsApp fraud), it is time to take a closer look at the vulnerability of people and their knowledge of the organisation. That means taking the staff by the hand with illustrative education, including the necessary practical interpretation for the students themselves, and letting them know what it means to be hacked as a person in combination with the above techniques. Phrases are often used such as: "I have nothing to hide", "I would never tell my password", "it doesn't concern anyone what I have in a bank account", etc. It is amazing how easily these same people answer these questions. So there is work to be done, and it is time to stop loosely assuming that everyone is assertive enough not to share company information. For more information on the topic of human hacking (social engineering) and training, visit: www.tri-c.nl