The Art of Cyber Deception: How To Get Inside The Mind of A Hacker with Rob Black
In this episode of Razorwire, I sit down with Rob Black, a dynamic figure in the world of cybersecurity with a unique background in military strategy and defence. From the realms of computer game design to the high-stakes world of defusing IEDs, Robert brings unparalleled insight into how we can revolutionise cybersecurity by understanding and manipulating the psychology of our adversaries. This episode is packed with outside-the-box strategies that will transform your approach to defending your network.
In our conversation, Robert and I explore the intersection of human psychology and cybersecurity, emphasising the impact of deception and misinformation on attackers. Robert shares parallels to military tactics and offers practical advice on psychological tools to gain an upper hand in infosec. We discuss real-world studies and notable cyber incidents like Stuxnet to underscore the importance of strategic thinking beyond mere technological solutions. Tune in for an engaging discussion that could reshape your cybersecurity practices.
Key Talking Points:
1. Deception Tools and Strategy – Robert explains how to slow down attackers using deception technology, inspired by military tactics, causing them to mistrust their tools and make erratic decisions.
2. Psychological Influence on Threat Actors – Learn how to improve the effectiveness of your network defence by understanding and engaging with the decision-making processes of threat actors.
3. Real World Case Studies – We discuss impactful examples, including the NSA’s deception studies and the infamous Stuxnet attack, to illustrate how psychological and strategic insights can be applied to bolster cybersecurity efforts.
Join us on Razorwire and arm yourself with revolutionary tactics to stay ahead in the constantly evolving landscape of cybersecurity.
Deception 2.0: Envisioning the Future of Cybersecurity
“So attackers believe the systems they’re using because they’ve got no reason to believe the computer won’t lie. So how do we make it, inside our manmade network, that they have to tread carefully because they don’t know what to trust and what not to trust?” Robert Black
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
– Psychological Defence in Cybersecurity: How we can use psychological tactics, such as inducing paranoia, in defending against cyber threats.
– Effectiveness of Deception: We discuss an NSA study which demonstrates how knowledge of deception impacts penetration testers’ speed and decision-making.
– Human Factors over Technology: We talk about the merits of using human behaviour analysis and psychology alongside technology for cybersecurity strategies.
– Corporate Espionage and Misinformation: How to use misinformation and disrupt attackers’ expectations as part of your defence strategy.
– A Multidisciplinary Approach to Cybersecurity: We discuss the merits of incorporating diverse perspectives, including arts and philosophy, into cybersecurity education and strategy.
– Vendor and CISO Relationships: Why vendors must understand and address the real problems faced by CISOs.
– Proactive Defence Strategies: Why we need to move beyond assurance to proactive measures in cybersecurity defence.
– Shift in Cybersecurity Mindset: How to progress the growing recognition of cybersecurity as a critical business threat and the importance of improved risk assessments.
– Influence of Deception Technology: How we can use fake networks and behavioural economics techniques to manipulate attackers’ behaviour.
Guest Bios
Robert Black
Rob left the UK government in 2014 after over a decade supporting the development of capabilities for British and allied military and cyber operations. Since then, Rob has been a lecturer in Information Activities at Cranfield University, part of the UK Defence Academy, and teaches on the UK MoD’s Cyberspace Operations MSc. From 2020 to 2024, Rob was the Director of the UK Cyber 9/12 Strategy Challenge, leading on the development of the next generation of cybersecurity leaders. He was also Deputy Director of the UK National Cyber Deception Laboratory from its inception in 2019 until 2022, where he encouraged the development of a proactive approach to cyber defence through the use of deception techniques and other novel measures to confuse and disrupt cyber attackers. He remains involved in shaping policy dialogue on issues such as national security, cyber and intelligence through his role as an Associate Programme Director at Wilton Park, part of the UK Foreign, Commonwealth and Development Office, and also acts as a senior adviser to the International Information Integrity Institute (i-4), owned by KPMG.
Resources Mentioned
– LinkedIn (Robert Black’s profile)
Other episodes you’ll enjoy
The Human Psychology Behind Cybersecurity With Bec McKeown https://www.razorthorn.com/the-human-psychology-behind-cybersecurity-with-bec-mckeown/
Criminal Minds: How the Cyber Crime World Works https://www.razorthorn.com/criminal-minds-how-the-cyber-crime-world-works/
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us, or if you have any questions you would like us to discuss, email podcast@razorthorn.com.
If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
All rights reserved. © Razorthorn Security LTD 2024