Feeds:
Posts
Comments

Archive for the ‘Marketing’ Category

Some very interesting research came to my attention the other day, courtesy of the ISC2.org CISSPforum on Yahoo Groups, pointing to an article in Scientific American that discussed why flattery is effective.

The research, by Elaine Chan and Jaideep Sengupta at the Hong Kong University of Science and Technology and reported first in the Journal of Marketing Research, showed that while most people can spot obvious flattery and attempts to influence them, on an innate subconscious level it actually works!

The study showed that while participants explicit attitudes rejected marketing come-on’s, their implicit attitudes were more positive and could be used to predict future behavior.  This susceptibility to flattery may stem from the basic human need to feel good about oneself, referred to as illusory superiority or the above-average effect.

In testing whether or not the motive to self-enhance was related to insincere flattery, the researchers showed that, in the words of Scientific American, “those of us who could use a little pick-me up to begin with are particularly vulnerable to the message behind a smooth sales pitch”.

So, how does this relate to information security and why is it important?  This all goes back to social engineering and the ability to market towards or convince other people to do what you want them to.  Knowledge of these behavioral responses can be applied to social engineering as part of penetration testing and taught as part of security awareness training.  On the converse, look for this to be used in phishing attempts.

And what about security product marketing from vendors?  We all know about FUD, but should the F stand for flattery instead?  ‘Yes, this new Intrusion Detection/Prevention System does make me feel sexy!’ Probably not, but more likely about being told how much more secure you’ll be, which translates internally to how good of a security person you think you are.

The takeaway ~ keep your BS filters on high and understand that at some basic level, like Fox Mulder, you want to believe.  Doing so may open you to accepting more risk…

Food for thought.

by Bill Wildprett, Suspicious Minds blog, Copyright 2010

Advertisements

Read Full Post »