Human beings are an arrogant species. We consider ourselves to be highly evolved. We think we have superior brains. We feel we are in full control of our beliefs and behaviors. Because the alternative—that we’re not in control, and worse, that we can be manipulated—is frightening. And yet, history is brimming with various examples of how reasonably intelligent people can be made to do things other reasonably intelligent people would never even contemplate.

The Basics of The Human Brain

When considering the human brain and its “higher functions” of thought and action, we’re referring to the cerebrum—or more precisely, the neocortex, which is the part of the mind that processes information. All “intelligent” animals—like humans, other primates, dolphins—all have a neocortex. Our so-called “little brain” is the cerebellum, which coordinates and regulates muscular activity, such as movement, balance, and posture. We use the cerebellum for voluntary activities like walking. From an evolutionary perspective, this part of the brain is much older.

The limbic system sits underneath the neocortex and is the part of the brain that deals with instinct and mood. It’s often referred to as the “emotional brain” as it contains the amygdala, which is responsible for emotions, survival instincts, and memory, and can activate an automatic, instinctive reaction—fight, flight, or freeze—without the thinking or deciding that happens in the neocortex. If you’ve heard the term “lizard brain,” that’s the amygdala. And finally, there’s the brain stem, which is responsible for those functions that just happen automatically to keep you alive without any need to think about it—breathing, heartbeat, blood pressure, and the like. If any part of the human mind that can be called “simple,” it’s the brain stem.

Using Brain Science to Influence Behavior

It’s been said that people buy things based on emotion, and then they justify the purchase using logic. In other words, the gray matter inside the cerebral hemisphere, or amygdala, drives the action, and the neocortex kicks in afterwards to rationalize the behavior. Many companies use this understanding of neurological science to entice our lizard brains into buying their goods. A whole industry has grown up around so-called neuromarketing because it works. Countless studies have proven it again and again, so it shouldn’t come as a surprise that these same principles are used by bad people with more nefarious intentions.

Consider the notion of propaganda. Wikipedia defines it as “information that is not objective and is used primarily to influence an audience and further an agenda, often by presenting facts selectively to encourage a particular synthesis or perception, or using loaded language to produce an emotional rather than a rational response to the information that is presented.” That’s exactly what the Internet Research Agency (IRA) is purported to have done to promote the Kremlin’s interests in domestic and foreign policy, including Ukraine and the Middle East, as well as to attempt to influence the 2016 US presidential election. More recently, Sweden’s Twitter space was flooded with bot-generated posts created for the purpose of swaying voters. Because of the technology we have today, the influence of such techniques can be highly targeted and broadly amplified. This isn’t about printing leaflets. It’s propaganda on steroids—and you don’t even see it coming. These stories focus on attempts to hack people’s behavior for political purposes, but cybercriminals could just as easily use these techniques for monetary gain.

The Many Ways Humans Can Be Hacked

Cyber attackers look for system vulnerabilities to exploit, and humans have long been one of those systems. The early email scams—those messages from Nigerian princes and lotteries—take advantage of technology as a fast distribution mechanism, capable of reaching millions of people, but the hack itself is purely psychological. Nowadays, many email-borne threats have a technological component in the malware that creates exploitable holes in a computer environment, but they still require humans to be the enabler. And this kind of phishing is just one social engineering technique; there are plenty more in the hacker’s toolkit.

These techniques work, but they lack sophistication. The Russian troll factory is quite another story. Technology played a huge part in this massive effort. Social media, where we tend to create our own little echo chambers anyway, was the perfect environment. Big data analytics made it easy to test huge numbers of message variations and fine-tune them with incredible granularity. And highly segmented targeting (at a low cost, mind you) delivered those messages with the precision of a heat-seeking missile. But again, the technology, as sophisticated as it was, was simply the means to influence human behavior.

As technology gets smaller and more embedded—think wearables and other tech that becomes more than just part of our daily lives, it becomes part of us—an increasing number of opportunities arise to attract our lizard brains and influence our behavior, all without our ever noticing.

No Easy Fix

Many types of cyberthreats are purely technological, and that’s not likely to change. Those may ultimately be the easy (or at least easier) ones to combat. Software can be patched, while environments can be hardened. But it’s much, much harder to fight cyberthreats that target our lizard brains. Platforms can try to identify this type of activity—Facebook is grappling with this now ahead of the 2018 elections. Education is, of course, always a critical component of cybersecurity. The challenge is that technology gets increasingly sophisticated, but the human brain does not. There’s no patch we can deploy, no upgrade we can install. All we can do is recognize the vulnerability of the lizard brain and keep our neocortex vigilant for attempts to circumvent it.

Related Resources:

Off-The-Shelf Hacking Tools & Opportunity Cost Of Cybersecurity
Why Securing Small Business Against Hacking is Important
Hacking People: Is The Human Brain The Ultimate Attack Vector?
Hacking Your DNA: What You Need To Know About The Testing Dilemma

ITSM Software Open Source

Post a comment