Social engineering, as defined in the IT security sector, involves the manipulation of people rather than technology to successfully breach an enterprise's security. Social engineering remains the single greatest security risk, despite our advances in technology, and many of the most-damaging security penetrations are the result of social engineering, not electronic "hacking" or "cracking."
I was especially taken by the following table. It apparently comes from a study published in Scientific American (February 2001) that cited six basic tendencies of human behavior that help generate a positive response:
| Behavior | Definition | Example |
| Reciprocation | Someone is given a "token" and feels compelled to take action. | You buy the wheel of cheese when given a free sample. | Consistency | Certain behavior patterns are consistent from person to person. | If you ask a question and wait, people will be compelled to fill the pause. |
| Social Validation | Someone is compelled to do what everyone else is doing. | Stop in the middle of a busy street and look up; people will eventually stop and do the same. |
| Liking | People tend to say yes to those they like, and also to attractive people. | Attractive models are used in advertising. |
| Authority | People tend to listen and heed the advise of those in a position of authority. | "Four out of five doctors recommend...." |
| Scarcity | If someone is in low supply, it becomes more "precious" and, therefore, more appealing. | Furbees or Sony Playstation 2. |
| Source: Gartner Research | ||
I think we all want to influence others to do something for us once and a while, and this table would appear to provide a tool to help us think thru how to achieve that end. (Thanks Ellie for telling me about the table.)
No comments:
Post a Comment