Skip to Content
Business Trends

Social Engineering – the ART to control your Amygdala

The Amygdala is an almond shaped structure in the center of our brain which triggers emotional responses including fear, anxiety, and aggression. It has been instrumental to our survival for the past 3 million years. In modern times it can be turned into the weak link in our defense mechanism.

Cyber criminals masterly utilize the basic reaction pattern of the Amygdala to perform their magic. Namely, once the Amygdala is affected, the part of the brain responsible for conscious decisions (prefrontal cortex) is momentarily out of work. We mainly react instinctively and are limited in our ability to rationally deliberate our decisions.

Hence, typical social engineering attacks often involve time or financial pressure, threats to our safety (physical or job security) and the fear that inaction might cause even more harm. This already is quite hazardous as attacks become more and more advanced. Cyber criminals are increasingly using sophisticated methods to create threat backdrops based on personal information from the victim. The Amygdala reaction has been used for centuries to get people to do things they never intended to do and, until recently, without even knowing about the existence of the Amygdala.

What perilously adds to the sum game is the perpetuity of stressful situations faced by the modern workforce. Hundreds of studies have shown that our Amygdala is firing relentlessly, even during a normal work day, with no sensible way to stop the cycle and release stress. Respectively, if you add just a little bit more to this stress level, it usually is the “straw which brakes the camels back”. People react completely irrationally in ways which in hindsight they can’t explain. Dozens of seemingly unfathomable social engineering attacks bear witness to this effect.

So, are we doomed to simply surrender to the shortcomings of our humanoid heritage? I suggest we learn to regain control of the Amygdala stress reaction using ART – Awareness, Relaxation, Trust.

First and foremost – AWARENESS: We at SAP train our workforce to recognize social engineering attacks in multiple ways and on an ongoing basis. The more often we are confronted with such information, the better we become in recognizing the patterns (something our brain is incredibly well skilled to do). We run awareness campaigns with fake phishing attacks that help people recognize such emails and train them where and how to report them. We launch funny videos, online challenges and use a gamified and entertaining approach that increases the willingness to get engaged and, as is known, improves the learning capacity.

Our sophomore – RELAXATION: Since a long time, we at SAP emphasize the importance of mindfulness and selfcare. The SAP Global Mindfulness Practice helps SAP employees to develop strategies to reduce work stress overall and learn how to become more self-aware. The more resilient we get to stress the more pressure is needed to set-off the Amygdala alarm. The threshold is all but set to a higher level. Even if you end up in an overwhelming stressful situation but know how to calm yourself using e.g. breathing techniques, you can stop the Amygdala from going rogue. This gets your frontal cortex back into the game and allows you to make rational decision.

The third pillar is TRUST: employees need to know they are allowed to make mistakes. Even if they fell for a social engineering attack, they should know where and how to report the incident – without the fear of consequences. Important note: the worst part of an attack is NOT getting attacked but the incubation time afterwards. If entered unnoticed the attacker will worm through the company’s virtual entrails and steal or harm as much as possible in whatever time is available. To shorten this time period to a minimum is crucial. When employees at SAP have been attacked, they know where to report the incident. They also have the confidence that our SAP Global Security team can handle the attack. We do not punish people for getting attacked. Human beings make mistakes and thankfully have the tendency to learn from them. We rather encourage our employees to report everything they feel uncomfortable about. Even if it turns out to be perfectly harmless, we rather spent some gratuitous time than ignore the one fatal attack that can cause significant harm to the company.

Hence, ART can help to control the Amygdala reaction and thus help to protect your company. We at SAP know we can rely on our workforce to help us protect SAP!

4 Comments
You must be Logged on to comment or reply to a post.
  • Great post Birgit, so true.  It’s either the sympathetic nerves that fire the Fight or Flight response, and it starts in the Amygdala in the brain. Or the parasympathetic nervous path that works in the exact opposite direction – makes our muscles relax, heart slow down, we can think straight, we can eat and digest, we can feel social connection instead of threat. But it’s always one or the other, never together, this is the design.

    Recent findings also show that the way we live is inherited by our children, on the genes level: the more stress and threat in the Dad’s and Mom’s body, the bigger the amygdala of their child, and the more prone to anxiety the child is. Epigenetics in action.

    *************

    So it is awesome that SAP is aware of how humans function and how this impacts our work and personal lives.  And gives us tools to deal with challenges, be it fishing emails or daily work stress. To add to the resources you mention here Birgit, we at Learning2Go offer several interactive VLCs (virtual live instructor led sessions) that we have developed together with our SAP Mindfulness group that cover exactly these topics: Mindfulness, Healthy Life-Style, Self-Awareness, Empathy and Compassion.  And there’s more that we offer with external vendors on Emotional Intelligence, Resilience, Change Agility and more. All can be found here on our Learning2Go | Virtual Live Professional Skills JAM.

    Take care and thank you for the interesting topic.

    Marina

  • Social engineering attacks are pure marketing/sales tactics where the sell is to make one do wanted action.
    Good sales person is great at social engineering and vice versa.

    If we teach people how to resist social engineering, they will also become resistant to marketing, will stop indiscriminate spending and as a result our economy will crash 😉