Cybersecurity and Ongoing Awareness: Why We’re Still Falling For The Same Scams
Last night, I finally sat down and watched Netflix’s new trending film The Social Dilemma, a docudrama exploring the intentionally addictive patterns found in social media. The film sheds light on gloomy and often overlooked statistics, such as the fact that 210 million people are estimated to suffer from social media addiction. Naturally, I couldn’t help but draw parallels to my passion for cybersecurity, and the clearest comparison that stood out was our tendency to fall for the traps that we already know about.
Many of us have gone through the cliché “quitting social media” phase. Whether it’s Facebook, Instagram, or simply reducing our time spent on YouTube, the reason this is considered a mere “phase” is that the vast majority of us fail to stick with it, despite knowing that quitting these platforms is linked to increases in happiness.
According to this study by Cornell University, only ten percent of surveyed participants had actually managed to quit Facebook entirely. Even Tim Kendall, the former Director of Monetization at Facebook, found himself addicted to the same systems that he helped to design.
In The Social Dilemma, Tim recalls how he would come back from a long day of working on Facebook’s systems, only to find himself spending his time at home largely on the app for personal use.
Tim personally worked on making Facebook as addictive as it could be, and despite this inside knowledge, he too struggled with social media addiction! He found his screen time so concerning that he is now actively working to combat screen addiction at his new company, Moment.
From Tim’s story we can see that the reason we spend too much time on social media isn’t that we don’t know how addictive these platforms can be, but that we stop thinking about it.
We get distracted, and scams are designed to manipulate our attention span in the same way.
We all know what an email phishing scam is, and phishing scammers know that we know what a phishing scam is. But they also know that it only takes one error for a full data breach to occur. Scammers aren’t operating under the impression that the victim is unfamiliar with the scam; they’re operating under the knowledge that we all eventually get distracted and slip up.
Scammers know that 99% of the time, you aren’t going to fall for the scam. However, they also know that 1% of the time, you will. And they gear their efforts towards that one percent.
For example, look at pedestrian accidents in traffic. We were all raised on the classic slogan “stop, look, listen, think”, and in theory, we know how to avoid accidents. Yet pedestrian traffic accidents are still an ongoing issue, with nearly 40 fatal pedestrian accidents per year in Victoria alone.
The reason these accidents occur isn’t that drivers and pedestrians aren’t informed about road safety, but that it wasn’t front of mind at the moment of the incident. The safety precautions we know to take simply slip our mind, and an accident occurs. The reason school crossing supervisors are so effective isn’t solely that they tell kids when it’s safe to cross, but that they serve as a constant reminder to be safe when crossing the road. The lollipop person reminds us every single day: “Hey, this road is dangerous, don’t forget it!”
And when it comes to cybersafety, sure, we may have attended one or two training seminars, or enrolled in training that we sped through in one day and never revisited, but that doesn’t do much for our ongoing awareness. Even though we know how scammers target us, it doesn’t mean that we’re adequately equipped to keep it front of mind.
The irony of Tim falling for the same addictive systems that he himself designed is not too dissimilar from what you find in the cybersecurity industry: hackers starting careers in cybersecurity after falling for hacks themselves, or cybersecurity professionals falling for the same scams they educate others on! Despite knowing how these hacks work, they were inevitably made victims through a lack of caution.
Again, in 2020 the average person knows what a typical scam looks like, but that isn’t enough. The only thing preventing you from clicking that malicious link is the current and active awareness that every link can be malicious. Without this, you can easily gloss over your own best advice and end up like Tim Kendall, falling for his own algorithm.
To keep your cybersecurity front of mind, we recommend the following:
- Awareness Posters: Especially during COVID-19, when not all of us have a workplace with safety posters and colleagues to converse with, having a general reminder near your workstation is crucial. Even a few post-it notes or a small poster can do wonders in keeping you aware and cyber-safe.
- Ongoing Awareness Training: This is important. It’s one thing to finish a basic awareness course, but what really counts is regular and repeated training. It’s far more effective to take one lesson a month than ten lessons in a single day.
- Phishing Simulations: Rather than wait for an employee to experience it first-hand, train your staff with simulations, the same way we do with a fire drill. Run semi-regular phishing campaigns so staff have a better idea of what to look out for in a malicious email.
For more information on cyber awareness and work-from-home cyber safety, visit portal.cyberaware.com/remote