Author Raef Meeuwisse
ISBN No 978-1-911452-23-2 (paperback)
Review date 21/02/2019
No of pages 214
Publisher Cyber Simplicity Ltd
Publisher URL https://www.cybersimplicity.com/cswp/publications/
Year of publication 18/01/2019
How to hack a human: cybersecurity for the mind, by the consultant Raef Meeuwisse, takes you through social engineering - a topic you may have heard of; then takes you to plenty of other subjects maybe not so familiar, and maybe not obviously to do with security, writes Mark Rowe.
One striking feature of Raef's book is the sheer amount of new words around 'human hacking', a sign of how we've had to come to terms with it. Spear phishing, laser phishing, vishing, smishing, dorking; thank goodness for the 21 pages of glossary at the back. Some phrases have entered the English language, such as 'honey trap' and 'dumpster diving', and note the physical as well as online variety of threats.
It's understandable that the author pays such attention to words and their meanings, for he has also written a dictionary of cyber terms.
Take 'worn keys' for example; the 'human hacker' might look at an alarm panel or access keypad at a door, and guess the correct combination from the most worn buttons due to their frequent use. And if the four worn keys are 1, 7, 8 and 9, chances are that the four-digit access code is 1978, someone's year of birth, rather than the more random and harder to remember 9187. Hackers know us better than we care to know ourselves.
Such insights and such a book would be a useful summary to a vivid and ever-developing field. Raef goes further by taking us into psychology and physiology; how hackers are only some of the people using well-appreciated (and labelled) techniques for manipulating.
The author defines human hacking as 'to intentionally manipulate the cognitive processes of a person through means he or she would ultimately consider covert or unethical'. The 'ultimately' is there because the hacking makes us do something not in our best interests - whether a call centre employee on the phone or a receptionist in the foyer disclosing corporate information, anyone giving away personal details, or someone scammed into giving away money. But we only realise, if at all, too late to stop the scam or ploy from working. As the author goes on to spell out, this takes us well beyond data protection, into marketing, and companies using 'persuasion tools', and how we relate to tech. As the author lays out, to defend ourselves, we need to understand how we're compromised, and mitigate and disengage by spotting the underhand tactic - whether the goal is to win an election, get you to subscribe to a product, or steal personal data.
If there's one chapter I would single out, it's the final one, where Raef looks to the future. He suggests that mankind's technical innovation is getting faster; and we can expect in 2030 automated call centres, groceries arriving via signals from a 'smart refrigerator', the ability to holoport anywhere (an image of you can turn up anywhere, and you wear glasses and can 'see' from that location), and implants to help us learn - which sounds like what Professional Security featured in the December 2018 print issue; memory implants that could do great and remarkable good, but also be hacked, deleted and spied-on. Humans will struggle to keep up. Raef makes a plea for us to avoid bondage to tech; to 'learn how to adapt to the reality of unscrupulous, amoral hackers, advertisers and supposedly legitimate organisations. We need to re-educate our brains.'
Again, as that statement suggests, the author's canvas is beyond cyber-security; it's protection of people in the widest sense, an appeal for us to hold on to what's human in us, resisting, while staying abreast of tech, to avoid being de-skilled. For we have not been designed to face adversaries that can operate faster than our brain, who can digest and make connections between data quicker than we can.
As an aside, given that Raef touches on fake news, and fake reviews (page 43), I should confirm that I am a real person and this is a real review.
On sale as paperback, hardback and ebook.
Other books you might consider: Deception at Work, by Mike Comer (with Timothy Stephens); and books on social engineering and hacking by people in those fields.