Combating Cognitive Bias
How bias colors our perceptions and decisions, enables deception, and what we can do about it.
Perry Carpenter, Chief Evangelist & Strategy Officer, KnowBe4
KnowBe4 Social Engineering Axioms
1. Social engineering is the act of manipulating humans into providing confidential information or performing harmful actions.
2. Humans are the most target-rich environment for attackers, because all humans are vulnerable to deception, influence, and disinformation.
3. Attackers rely on social engineering because it is often the fastest way to further their goals.
4. An attacker only has to be successful once to compromise their target while the target needs to be successful 100% of the time to avoid compromise.
5. Attackers are innovative and will utilize new methods to deceive and manipulate their unprepared victims.
6. Motivated attackers or errant humans often bypass very expensive technical controls.
7. The human mind tends to take shortcuts in the absence of full understanding.
8. A distracted mind is a vulnerable mind.
9. Effective education is the only means to arm humans against deception and disinformation.
10. Security education is not done enough and not often enough to prevent social engineering.
When dealing with people, remember you are not dealing with creatures of logic, but with creatures of emotion, creatures bristling with prejudice and motivated by pride and vanity. -- Dale Carnegie
Imagine
https://www.nar.realtor/blogs/styled-staged-sold/3-reasons-why-staging-a-vacant-home-is-critical
https://thedecorologist.com/occupied-home-staging-befores-afters/
Halo Effect
• Positive Impression
• Higher Equity
• More Trust & Better Value
Horn Effect
• Negative Impression
• Lower Equity
• Lesser Value & Low Trust
Now let’s extend that idea
We make decisions based on emotion, and then use logic to justify our decisions.
Elephant and Rider
https://www.youtube.com/watch?v=DXyoJ343nVU
The ELEPHANT is our primal side… driven by emotion.
The RIDER is our logical side. It can give direction to the elephant, but the elephant has a lot more mass and can often feel like it has a mind of its own. It can be extremely difficult for the rider to control.
Thinking, Fast & Slow (Daniel Kahneman)
Graphic Source: https://readingraphics.com/book-summary-thinking-fast-and-slow/
Cognitive biases sneak in.
They underlie much of our thinking and all our assumptions.
… and they can easily be exploited
Cognitive bias is why political conversations on Facebook never go well
Note the implications across memory, social, learning, belief, money, and politics.
https://www.visualcapitalist.com/50-cognitive-biases-in-the-modern-world/
We’ve been framed
“If the facts don’t fit the frame, it’s the facts people reject, not the frame.”
Susan Bales, President of FrameWorks
What’s an OODA-Loop and how can it be hacked?
• Manipulate facts
• Withhold facts
• Manipulate Context
• Manipulate Attention
• Exploit known bias
• Invoke Emotion
• Feed them a “truth sandwich”
• Leverage the Cialdini Principles
The OODA Loop: Observe, Orient, Decide, Act
Source: https://en.wikipedia.org/wiki/OODA_loop
Trojan horses for the mind
Images are a Compression Algorithm for the Mind
QM Design Group
Which do you more immediately respond to?
These?
Facebook, Coca-Cola, YouTube, Taco Bell
Or these?
You can even remove the names and retain the meaning
Now for an experiment…
Which is quicker and easier to mentally process?
This is why memes are powerful vehicles for delivering truths, recalling shared experiences, …
… and exploiting cognitive biases
Disinformation is a form of social engineering that leverages cognitive bias … and it is destroying us
The “4D” Offensive Strategy of Disinformation
• Dismiss an opponent’s claims or allegations
• Distort events to serve political purposes
• Distract from one’s own activities, and
• Dismay those who might otherwise oppose one’s goals
The State of Play
• “Fake news” is a politicized term
• We are in a weaponized information situation
• Media is in the attention business, resulting in fake news laundering
• Social media are the most powerful tools on the planet
How an operator employs or abuses underground, gray, and legitimate marketplaces to disseminate fake news
The Fake News Machine: How Propagandists Abuse the Internet and Manipulate the Public
https://documents.trendmicro.com/assets/white_papers/wp-fake-news-machine-how-propagandists-abuse-the-internet.pdf
Division drives clicks, outrage, disenfranchisement, etc…
Taming the Elephant
https://www.youtube.com/watch?v=X9KP8uiGZTs
1. Give direction/knowledge to the rider
2. Motivate the Elephant by tapping into emotion
3. Shape the path to allow for easy progress
Resources
• The Catalyst: How to Change Anyone’s Mind, by Jonah Berger
• Predictably Irrational: The Hidden Forces That Shape Our Decisions, by Dan Ariely
• Pre-Suasion: A Revolutionary Way to Influence and Persuade, by Robert Cialdini
• The Reality Game: How the Next Wave of Technology Will Break the Truth, by Samuel Woolley
• The Righteous Mind: Why Good People Are Divided by Politics and Religion, by Jonathan Haidt
• Thinking, Fast and Slow, by Daniel Kahneman
• Why Are We Yelling: The Art of Productive Disagreement, by Buster Benson