Perception Biases in Information Security Threats (and How to Mitigate Their Risks)
The current situation with the pandemic presents both technological and human-factor challenges for security.
To maintain both personal and organizational security, people must make realistic observations of security risks.
Here are the different cognitive biases we make, how it affects information security, and what we can do to prevent these biases from leaving our systems vulnerable.
Examples of Perception Bias
Optimism Bias
Optimism bias is where people believe they are less likely to feel the impact of an adverse event.
This optimism bias has shown its face in perceptions of information security risk. Many reports show that people perceive their risk to a cyber attack, like phishing, to be lower than others.
As many as 77% of remote workers believe they aren’t concerned with being hit with a cyberattack while they work from home.
Fatalistic Thinking
On the opposite end of the spectrum, fatalistic thinkers have an outlook that says they have no power to mitigate security risks, as external forces control them.
One example is believing that, since nothing is hack-proof, there is no point in taking efforts to protect yourself online.
The fact that people are now working from home may exacerbate this feeling of vulnerability since they now have no direct organizational support.
“Not My Fault”
Security professionals can often blame end users for security incidents, and end-users blame security professionals for a flawed security environment.
Either way, both refuse to acknowledge their behaviors that may have contributed to the incident.
How to Mitigate the Risk that Cognitive Biases Pose
These biases (and more) are deeply ingrained in humanity. However, you can take these steps now to reduce the risk these biases pose for your security.
- Directly involve employees in information security procedures.
- Ask employees about any security problems and risks they could be experiencing while working from home.
- Teach employees to work together in case a security breach occurs and to take full responsibility for potential risky behaviors that may have contributed to the breach.
Take Steps Now to Mitigate Cognitive Bias Risks to Your Security.
Cognitive biases will never go away completely, but you can reduce their impact on your organization. Recognize the risks these biases pose and follow the quick steps above to mitigate the human factor as a risk to your company and make your systems that much more secure.
