October is Cyber Security Month, the European initiative coordinated by ENISA and by the European Commission to raise cyber security awareness in Europe. Ever since 2020, GÉANT has been putting its weight behind this initiative with a large-scale awareness campaign. The GÉANT CyberSecMonth 2024 campaign is entirely dedicated to the topic of social engineering and will feature the tagline “Your brain is the first line of defence”.
Each week in October we will share short videos with tips and tricks by experts from international R&E organisations, in-depth interviews with the community, blog articles and more. Also, watch this space for the new four-part animation series following the adventures of Jake Doubt, Head of the Security Team at Guilder University, and covering topics such as spear phishing, romance scams and tailgating.
You are also invited to tune in to our programme of four webinars held by security experts from industry and the wider GÉANT community. Keep checking this page and our social media accounts for all updates and follow the hashtags #CyberSecMonth and #CSM24. Download the campaign resources and visit the new Security Awareness Resources Hub to find security & privacy awareness materials for NRENs, guidelines on how to set up your own awareness programme and much more.
Cybercriminals use various manipulation techniques to trick people into revealing confidential information, based on fundamental psychological principles of human behaviour. Social engineers are aware of these human biases and exploit them in multiple ways.
With this campaign, GÉANT aims to encourage users to think critically and remain vigilant, enabling them to stay one step ahead of cybercriminals.
Social engineering relies heavily on the five ‘Principles of Influence’ established by behavioural psychologist Robert Cialdini. These principles are also commonly used in sales and marketing.
Here’s an overview:
- Liking: People tend to give more credibility to those they like than to those they do not. To exploit this, social engineers try to appear trustworthy and attractive, and they pretend to share similar interests.
- Reciprocity: People naturally feel inclined to return a favour. Social engineers exploit this by offering something small, like advice, making you feel obligated to give something in return.
- Commitment and Consistency: Once we make a decision, we often feel compelled to stick with it. Attackers take advantage of this by first getting you to agree to small requests before asking for something bigger
- Social Proof: We are more likely to support a product or initiative if people we trust have endorsed it. Attackers may use social networks to exploit this by claiming that your online friends have already approved an action, product or service.
- Authority: People tend to trust experts or those in authority more than others. Attackers might use phrases like “according to experts” or “science proves” to persuade you to agree to something.
From face-to-face interactions exploiting trust, to sophisticated online schemes that trick people into revealing sensitive information, these tactics can take many forms. Below is a list of some kinds of attacks illustrating the diverse strategies used to manipulate individuals:
- Phishing - spear phishing // smishing // vishing
- Pretexting
- Tailgating
- Baiting (USB)
- CEO fraud
- Romance scam
For our protection from social engineers, we humans have a powerful weapon: our brain! It’s sufficient just to take a moment to think critically.
- Is this request question realistic?
- Who is the sender of the message?
- Why am I getting this call out of the blue?
Cyber Security Month News
-
GÉANT CSM24 - Your brain is the first line of defence - EP1: A strange request
-
GÉANT CSM24 - Community experts - Ana Alves, GÉANT
-
CSM24 Webinar - A new insider threat taxonomy, and mitigation strategies - Karen Renaud | 3 Oct 2024
-
GÉANT CSM24 - Community experts - Andy Roebuck, GÉANT
-
GÉANT CSM24 - Your brain is the first line of defence - EP2: Beware of love at first click
-
GÉANT CSM24 - Community experts - Jasmina Mešić, SI-CERT / Arnes
-
GÉANT CSM24 - Community experts - Elis Bertazzon, GARR