How cultural values can be used in cybersecurity attacks, with Dr Char Sample

On Episode 6 of series 2 of the Re-Thinking the Human Factor podcast, we are joined by Dr Char Sample to dive into the topic of culture and the role it plays when it comes to cybersecurity. But this podcast chat is not what you will expect to hear when it comes to culture; we’re going to explore how your cultural values can be used against you in cybersecurity attack. 

Some of the topics we’re going to dive into during this podcast episode include Cultural Dimensions, Geography of Thought, and Values as a Vector for Attack.

Culture and cybersecurity

Dr Sample is a researcher-fellow employed for ICF at the US Army Research Laboratory in Adelphi, Maryland and has over 20 years experience in the information security industry. Dr Sample’s area of research examines the role of national culture in cybersecurity behaviours. At the moment, Dr Sample is continuing research on modelling cyber behaviours by culture. Other areas of research are information weaponisation, data fidelity and fake news. Dr Sample is a frequent collaborator with the University of Warwick, in the UK which is where she completed her fellowship.

“It’s an old Russian proverb: ‘TRUST, BUT VERIFY.’ We put all of our eggs in trust and we left verify exposed.”

JOIN CHAR SAMPLE AND BRUCE HALLAS AS THEY DISCUSS THE FOLLOWING:

  • The meshing of two schools of cultural thought to create a more complete cultural model from which to approach awareness, behaviour, culture, and even defence campaigns:
    • Hofstede’s Cultural Dimensions Theory
    • Nisbett’s work: “Geography of Thought: How Asians and Westerners Think Differently…and Why”
  • Design for success – Whether you’re designing a phishing campaign, an education awareness campaign, how you’re going to manage incidents, whatever it is, it’s about understanding that all of this is being done with people in mind, either as the victims, the perpetrators, or the middle people.
  • You can’t shape culture in the short-term, which causes a clash between organisational culture and security culture. Organisational cultures often look for success metrics every quarter, but culture takes much longer to change.
  • We all have cultural lenses, and those cultural lenses help us (or don’t help us) with the definition of what it is that we see.
  • The Cultural Dimensions Theory is old enough that we now have tons of data to analyse around the 6 dimensions.
  • Cultural values are very enduring because those values are reinforced all throughout society. So, you’ve got this lifelong influence on culture / shaping of culture, and you’re trying to set up a security culture within your organization — Which one is going to win?
  • Insights around culture and how that relates to victims.
  • How important is the role of values in decision-making? Also, Char shows an example of how to map behaviour to Hofstede’s Cultural Dimensions to give a possible answer to the question.
  • Culture as a vector for attack.

“We have a tendency to want to throw technology at the problem. But of you don’t take the cultural values of the person who’s sitting at the end of the computer there, and who’s going to be the recipient of this data, if you don’t take that into account, you can at best have a partial success.”

Further study and research

About Dr Char Sample

Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.

Thanks for listening and sharing.

Bruce & The Re-thinking the Human Factor Podcast Team

On Episode 6 of series 2 of the Re-Thinking the Human Factor podcast, we are joined by Dr Char Sample to dive into the topic of culture and the role it plays when it comes to cybersecurity. But this podcast chat is not what you will expect to hear when it comes to culture; we’re going to explore how your cultural values can be used against you in cybersecurity attack. 

Some of the topics we’re going to dive into during this podcast episode include Cultural Dimensions, Geography of Thought, and Values as a Vector for Attack.

How cultural values can be used in cybersecurity attacks, with Dr Char Sample

by Bruce Hallas | Re-thinking the Human Factor Podcast

Culture and cybersecurity

Dr Sample is a researcher-fellow employed for ICF at the US Army Research Laboratory in Adelphi, Maryland and has over 20 years experience in the information security industry. Dr Sample’s area of research examines the role of national culture in cybersecurity behaviours. At the moment, Dr Sample is continuing research on modelling cyber behaviours by culture. Other areas of research are information weaponisation, data fidelity and fake news. Dr Sample is a frequent collaborator with the University of Warwick, in the UK which is where she completed her fellowship.

“It’s an old Russian proverb: ‘TRUST, BUT VERIFY.’ We put all of our eggs in trust and we left verify exposed.”

JOIN CHAR SAMPLE AND BRUCE HALLAS AS THEY DISCUSS THE FOLLOWING:

  • The meshing of two schools of cultural thought to create a more complete cultural model from which to approach awareness, behaviour, culture, and even defence campaigns:
    • Hofstede’s Cultural Dimensions Theory
    • Nisbett’s work: “Geography of Thought: How Asians and Westerners Think Differently…and Why”
  • Design for success – Whether you’re designing a phishing campaign, an education awareness campaign, how you’re going to manage incidents, whatever it is, it’s about understanding that all of this is being done with people in mind, either as the victims, the perpetrators, or the middle people.
  • You can’t shape culture in the short-term, which causes a clash between organisational culture and security culture. Organisational cultures often look for success metrics every quarter, but culture takes much longer to change.
  • We all have cultural lenses, and those cultural lenses help us (or don’t help us) with the definition of what it is that we see.
  • The Cultural Dimensions Theory is old enough that we now have tons of data to analyse around the 6 dimensions.
  • Cultural values are very enduring because those values are reinforced all throughout society. So, you’ve got this lifelong influence on culture / shaping of culture, and you’re trying to set up a security culture within your organization — Which one is going to win?
  • Insights around culture and how that relates to victims.
  • How important is the role of values in decision-making? Also, Char shows an example of how to map behaviour to Hofstede’s Cultural Dimensions to give a possible answer to the question.
  • Culture as a vector for attack.

“We have a tendency to want to throw technology at the problem. But of you don’t take the cultural values of the person who’s sitting at the end of the computer there, and who’s going to be the recipient of this data, if you don’t take that into account, you can at best have a partial success.”

Further study and research

About Dr Char Sample

How cultural values can be used in cybersecurity attacks, with Dr Char Sample

by Bruce Hallas | Re-thinking the Human Factor Podcast

Please subscribe to the podcast in iTunes, and if you enjoyed this interview, please share with your friends and colleagues and leave a 5 star rating and review.

Thanks for listening and sharing.

Bruce & The Re-thinking the Human Factor Podcast Team