Knowing how to manipulate a hacker's cultural values could help thwart - or at least slow down - cyber-attacks, says Garet Moravec, a cybersecurity expert who'll speak at Information Security Media Group's Global APT Defense Summit on Oct. 22.
Exploiting the economic concept of "loss aversion" could not only help mitigate cyber-attacks but also give defenders a better understanding of the attacker, says Moravec, a former director of cybersecurity at defense contractor Lockheed Martin who worked on the project to develop the F-35 jet fighter.
Loss aversion, defined in the cultural dimension theories of Dutch sociologist Geert Hofstede, shows that people strongly prefer avoiding losses - such as money - rather than gaining something.
In an interview with ISMG, Moravec, now an independent security consultant, offers a hypothetical example of thwarting Chinese hackers trying to breach a defense contractor's systems to pilfer designs on a jet fighter by using a honeypot, a trap containing fake information that's designed to look like part of a network.
Persistence as a Weakness
Unlike Americans, who quickly tire when not rewarded right away, the Chinese have much more patience and will persevere on a task, a trait Moravec says cyberdefenders could exploit. Because the Chinese hackers in this scenario have invested heavily in attempting a breach, they won't easily give up trying to pilfer intellectual property on the jet fighter even if the honeypot fails to generate results.
"Because they're long-term oriented and spent a lot of money and time, loss aversion will start to kick-in, and they'll say, 'Well, we don't want to give up on this [key] component yet, maybe we just haven't figured it out right," Moravec says.
The Chinese hackers, in this scenario, would continue to invest in their hack, like a gambler seeking to win back losses. "That's what we're counting on with an adversary who's long-term oriented" he says. "They'll bet their people's resources and their money doing something that makes no sense."
Cyber Kill Chain
In the interview, Moravec:
- Reveals his epiphany when he realized how to incorporate behavioral theory into the Lockheed Martin Cyber Kill Chain, an intelligence-driven defense process that allows IT security professionals to remediate and mitigate proactively advanced threats;
- Contrasts how different cultures view time in performing tasks and their relationship to cybersecurity; and
- Explains the importance of incorporating behavior into cybersecurity.
As director of cybersecurity for development of the jet fighters program at Lockheed Martin, Moravec was responsible for the overall scope and technical direction of the $382 billion Joint Strike Fighter cybersecurity team. He is now an independent consultant, advising clients in a wide range of industries, including banking, government and healthcare, on IT security.