Hello, and welcome back to this next TomCast from GuardSight, an Iron Bow Technologies company; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.

Today we’re going to discuss an interesting topic that is rather fresh in the industry. That topic is personally identifiable behavior, otherwise known as PIB. One of the big topics throughout the cybersecurity industry has been the protection of personally identifiable information, or PII. Drivers license numbers, social security numbers, credit card numbers, all of these have been of high value to the threat actor out there trying to harvest information.

Why the shift from information to behavior? What benefit is there to having data on how someone behaves versus having their personal information? Well, therein lies the discussion we are having now. Think about how you behave when presented with various scenarios. When you are hanging out with friends, how do you typically behave? What about when you are in the office? How do you handle stress? How do you handle interruptions to your daily routine, whether they be personal or professional?

As we have discussed in the past, social engineering preys on the human factor within an organization and within security. Phishing, vishing, and smishing attempts prey on emotional reactions versus logical ones. Click here to win $100,000.00! If you don’t contact us at this link right away your data could be at risk! Your computer has been infected, click here now to have us clean the infection and protect your information!

Cyber experts out there are probably not phased at all by messages like these, but some of you might get a minor emotional reaction as you may have seen things like this before. The emotions want you to click to make everything ok, when logic tells you that will only make things worse. How does that actual behavior matter, though? Isn’t merely the fact that the message was clicked or not clicked that truly matters?

Welcome to the next generation of threat. With the ever-growing popularity of artificial intelligence, or AI, threat actors are gathering more and more intelligence to achieve their nefarious goals. Now, while some of you out there might be saying to yourself “duh, that isn’t rocket science we’re talking about, that is how threat actors are all the time”, this is true, but here is the difference when dealing with PIB.

Understanding how you react to emotional stimuli helps threat actors craft their approach. If they know how you react, how you behave, they can tailor their messages and their activities to manipulate your behavior in their favor. As you start digging down even deeper into this rabbit hole, this is something that has been attempted or, rather, in process for decades. Also known as psychological warfare, or ideological subversion, the true ramifications of the manipulation of behavior become quite sobering.

Years ago, in the 1980’s as a matter of fact, there was an interview with a former soviet KGB agent Yuri Bezmenov that states the following:

“What it basically means is: to change the perception of reality of every American to such an extent that despite of the abundance of information no one is able to come to sensible conclusions in the interest of defending themselves, their families, their community, and their country.”

This guy was discussing what propaganda and psychological warfare was trying to accomplish 30+ years ago, and here we sit watching this stuff come true. Think for a moment about youth these days. A large percentage of them are on the internet on a regular basis. One would hope, in an ideal world, that parents were monitoring everything that the child, adolescent, or teen was watching or interacting with. Well, we’re not in that ideal world, and many technological devices are used as virtual babysitters.

Take that up another notch. Now we have VR (well, VR has been around for years, but is becoming much more popular). What kind of information is bombarding the senses in the VR world that you as a parent, guardian, or loved one cannot see from the outside? We are inundated with more information than any generation before us. Some factual, some fiction, but the sheer amount starts blurring those lines.

What is another risk of PIB theft? Once a threat actor understands how you react and how you behave, they can start manipulating someone in ways that can eventually change one’s core beliefs. Once the core beliefs are changed to align with the threat actor, they can expand their operations and their nefarious activities. Their cause is now more broadly supported due to those new belief structures that have been manipulated into place.

Rather chilling, and very sobering information. If you are a parent that allows your child to surf the internet on their own, perhaps begin asking questions about where they go, what they’ve seen, and gain a better understanding of the content they are viewing. Limit their exposures where possible, especially in the cases of virtual reality. Teach your kids and loved ones, strengthen their beliefs through study and dedication. Keep lines of communication open, and if you are worried that your information has been compromised reach out to the cybersecurity professionals at GuardSight and IronBow. They can help you better understand what has occurred, and what courses of action you can take to protect yourself in the future.

We here at GuardSight and Iron Bow thank you for taking the time to listen to this TomCast. For more information on various cybersecurity tips head on over to our website and check out more TomCasts. Those are located over on www.guardsight.com/tomcast. Or, if you would like more information on what GuardSight or Iron Bow can do for you, head on over to www.guardsight.com or www.ironbow.com and contact us. There are several free cybersecurity tools out there that can help you improve your overall security posture. We’d love to hear from you! Thanks!