EPISODE 56: From Dark Triads to Patriotic Hackers: Human Maliciousness in Cybersecurity
Is cybersecurity just a technical problem, or a human one?
In this episode, we debut our new format: bridging the gap between deep academic research and boots-on-the-ground security practice. We dive into Zoe M. King et al., 2018 paper, "Characterising and Measuring Maliciousness for Cybersecurity Risk Assessment," to uncover why we need to stop looking at code and start looking at intent.
From the "Dark Triad" of personality traits to the rise of the "patriotic hacker" in global geopolitics, we peel back the layers of the human onion to understand what actually drives a person to cause harm.
In This Episode, We Discuss:
The Maliciousness Assessment Metric (MAM): Why traditional risk assessments fail by ignoring "intent to harm" and how to integrate human factors into your security posture.
The Four Layers of Maliciousness: A deep dive into the Individual, Micro, Meso, and Macro levels—from personal psychology to national narratives.
Hacking as Patriotism: How cultural contexts in the US, Russia, and China dictate whether a hacker is seen as a criminal or a hero.
The "War Games" Effect: How 80s cinema shaped US cybersecurity legislation (CFAA) and continues to influence public perception.
Insider Threats & Organizational Hygiene: Why disgruntlement is a security vulnerability and how the "Principle of Least Privilege" is your best defense.
Risk as a Moral Construct: Why the risks your company chooses to mitigate reveal your organisation's true values and concept of justice.
Show Notes
Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment by Zoe M. King et al., featured in the journal Frontiers in Psychology (2018)
Risk and Blame: Essays in Cultural Theory by Mary Douglas
Risk and Culture: An Essay on the Selection of Technological and Environmental Dangers by Mary Douglas and Aaron Wildavsky
