St Petersburg University researcher on how cybercriminals "hack" a human being in a Heinrich Terahertz podcast
Maksim Abramov, Associate Professor in the Department of Informatics at St Petersburg University and Consultant to the Senior Vice-Rector for Academic Activities at St Petersburg University, is the guest of the 17th episode of the popular scientific podcast "Heinrich Terahertz". He spoke about information security measures, social engineering, and the perpetual battle raging between malicious hackers and cybersecurity professionals.
Maksim Abramov noted that today cybercrime can be divided into two large categories: attacks on information systems, using vulnerabilities of a technical nature, and psychological manipulation of human vulnerabilities. Furthermore, the second type of cybercrime is becoming increasingly relevant today. The attackers employ sophisticated psychological tricks, exploiting the biggest weaknesses of the human mind. Thus, not only can they gain unauthorised access to sensitive information, but also influence human behaviour.
Maksim Abramov shared that the research team under his leadership is working to preventively identify vulnerabilities of a particular person’s mind based on his or her psychological profile. This may help to mitigate the cyberattacks beforehand.
Maksim Abramov is Associate Professor in the Department of Informatics at St Petersburg University, Consultant to the Senior Vice-Rector for Academic Activities at St Petersburg University, a researcher and Head of the Laboratory of Applied Artificial Intelligence at the St Petersburg Federal Research Centre of the Russian Academy of Sciences (SPC RAS), and Executive Director of Data Research at Sberbank. He has authored over 150 research publications on information security; social engineering attacks; security analysis of information system users; and much more.
"We assume that people with different personality types respond differently to different types of cyberattacks. That is to say, some people are more vulnerable to certain types of attacks — phishing, for instance, while others are more susceptible to other types of cyber crime. We are trying to create a psychological profile of a person, and based on these data to understand what attacks he or she is more susceptible to. This will help to protect people in a more targeted manner. In some cases, this is prevention. In other cases, this is differentiation of access rights," said Maksim Abramov.
Importantly, it is not just ordinary people who are at risk: even cyber-savvy people are vulnerable to social engineering attacks. Hence, we need to constantly enhance cyber defence technologies, as cyber criminals are also continuously upgrading their strategies. This results in a perpetual cyber security arms race, in which parity has been maintained so far.