Restoring Trust to Digital Communications: Working with Human Nature
Cybercriminals have used email to scam more than $13 billion out of organizations since 2013, according to the most recent Internet Crime Report. Phishing is rising by the day, and despite advancing threat-detection technology, the problem is getting worse.
Why? Fraudsters are becoming more sophisticated at identifying targets and crafting messages that evade traditional secure email gateways. And humans, despite an avalanche of warnings and millions spent on security awareness training, continue to make flawed decisions about what is trustworthy and what simply is not.
Zero Trust Does Not Work
Zero Trust — the security principle that everything inside and outside a network needs to be validated before gaining access — can harden systems against external and internal attacks that lead to data breaches, embezzlement, fraud, and other malicious activities. In terms of machine interaction, it’s effective. But add people to a system and things change.
Criminals know that people are the weakest point in most systems, so they go after them. Last year, there were more than 22 phishing attacks sent every minute of every day. These organized fraudsters also know that security is always evolving, so they continuously adjust their techniques to avoid detection by SEGs and appear more convincing to their targets.
So in a world full of headlines about scams and cons, why are people so trusting? Stanford business professor Roderick M. Kramer wrote in the Harvard Business Review that not only do we come into the world hardwired to trust the people around us, but most of us go on to treat trust as a one-time decision, which we don’t revisit when we get new information.
If we’ve decided to trust emails from the CFO, we keep on trusting them, even when an urgent request to make a secret wire transfer seems a little off. Once we’ve decided to trust the emails sent from our Director of Human Resources, it takes something big to make us change our mind. The same can be true of third-parties you’ve worked with in the…
