Where does our gullibility come from? Is it culturally determined or is it learned behaviour? Is it 'embedded' in our market orientation, in our customer-friendliness and our open attitude? But where is the limit?
People are often identified as the weakest link in the digital world. Cyber criminals, especially social engineers, focus on people by seeking physical contact, and in this way they look for determining factors. They seek rapprochement through plausible and logical topics and use, among other things, texts that matter: texts that people, as a customer-friendly link, do not readily recognize as danger or deception. That is understandable if you start from the good in people. The all-encompassing credo of 'awareness' is not sufficient here, and in any case it cannot be maintained 24/7.
In this context, humans are not weak, provided they are trained, supervised and tested for behaviour, so that they can recognize a social engineering attack. It seems obvious, but organizations must first identify, establish, propagate and monitor that behaviour. This requires an active approach to leading people. It means knowing who the staff are and what they are like (active, creative, responsible, conscious, etc.), and, based on conversations and frequent contact with personnel, getting a good idea of what each employee can do as well as a picture of their personal situation. It is all too easy to hire an employee, give him or her all the means available, only to find out later that seemingly very obvious issues are not being dealt with in an adequate way for the employee. After all, every person is different.
For personnel to act according to the guidelines of the desired corporate identity, the working method and the expected way of carrying it out must be clear. Raising corporate culture to blood type sounds ideological, but it is a step towards everyone's involvement in the core business of the organization. This matters especially in times when hired workers, freelancers, zero-hour contractors, outsourcing parties, etc., may be less interested in the corporate culture or in guarding the crown jewels of the organization. Here the danger lurks from within (the insider threat). Involvement of staff can be motivated, activated and stimulated through education and clarity. Knowledge of social engineering and of how to recognize attacks is indispensable, and it can be part of that education. If staff can be critical of what they hear and see and refute this through recognition, the training will have been successful and a big step towards 'zero credulity' will have been taken.