I don’t need friends, I have followers
Admittedly, I didn’t really mean to utter those words but found them coming out of my mouth nonetheless. Well what else do you say when an eight year old ridicules you because they have more friends? In my defense, the response was never truly serious, and was born out of the research for the next book titled “The (un)social network.”
The findings for this new book bring up a number of important questions:
- Are relationships on social media more superficial in comparison to those in real life, and if so, what are the implications of this perceived broader but shallower network?
- The use of proximity to develop our social networks as observed by J.A Barnes in a Norwegian fishing village is now replaced with those with which we share common interests. What are the implications of such a fundamental evolution within society?
- Can we realistically rely upon quantifiable metrics to determine competency? In other words: do the number of views, likes, followers, connections, and indeed recommendations act as a reliable indicator of capability or trust?
These and other fundamental questions highlight how technology is changing the way in which we interact. From an information security perspective there also exist significant considerations regarding the use of such networks to coerce employees into performing actions that may result in malicious content entering the enterprise.
In the last white paper I co-authored with Charles McFarland entitled “Hacking the Human OS“, we analyzed the role of the six subconscious levers used for influence, and their role within cybercrime (particularly phishing communications).
The majority of social engineering attacks leverage either the use of Authority (I am your bank, please provide us your login banking credentials), and/or the use of Scarcity (hurry enter your credentials or we will lock out your account). However, the use of social networks to infer capability, and even trustworthiness based on quantifiable metrics, is not only more prevalent but also routinely advertised. One provider of fake followers even advertises that such metrics provides social credibility.
Social credibility is sought by criminals. They leverage stolen social media credentials to distribute malicious links, and shortened URLs and a “trustworthy” account usually translates into multiple clicks and subsequent infections.
Understanding such fundamental social changes and the subconscious thought process behind unsafe actions is imperative in preventing the “Human OS” from being hacked. But, as we have seen, it’s not as simple as standing up and delivering a PowerPoint presentation with the advice of “Don’t click here”. The bad guys have made great strides in understanding how we interact and communicate – it’s time we did also.
Oh, and before you ask, yes, I am on Twitter, and I have lots of “friends” there.