A recent article in the Boston Globe attempted to tackle and evaluate the complex behavior of human trust. It’s a short read, and can be found here.

I found the following quotes to be particularly striking:

“"The default is trust until there's a reason not to," says Robyn Dawes, a psychologist at Carnegie Mellon University.”

“"Trust is the baseline," says Susan Fiske, a social psychologist at Princeton University. "Trustworthiness is the very first thing that we decide about a person, and once we've decided, we do all kinds of elaborate gymnastics to believe in people."

Basically what this tells us, and as the article acknowledges, we are prone subconsciously to want to believe people. Of course, con artists have known this for years, and this is only confirmed by the work we do in social engineering here at The Garland Group. Though, many consider themselves to be a good judge of character, the article confirms that even the most intelligent are easily susceptible to making poor trust judgments. So how do we mitigate? The only effective answer is regular training. In those areas where we acknowledge instincts can be problematic we already do this. For instance, in intensely stressful situations that we tend to have a fight or flight response. So Firefighters learn how to properly react to fighting fires. Military personnel learn how to wage effective combat. Red Cross workers learn how to properly render aid. So why should training our organization’s staff be any different? In our industry, protecting financial assets and customers’ identities is key, and if we recognize propensity to give the wrong information to the wrong people, it stands to reason that investing in regular social engineering training makes good business sense.