You are not the Same Person at all times.
And cybercriminals love that.
This sounds a little crazy on the surface, so don't take my word for it.
To test out this theory, an experiment was run on physicians. Specifically, behavioral researchers gave the same case to the same doctor on separate occasions.
What do you think happened? Or better question.. what do you hope happened??
In the study, the same doctor gave different diagnoses and different prescriptions to the exact same case. In fact, researchers even found a higher likelihood that a doctor will prescribe opioids at the end of the day than earlier in the day.
This is not a knock on doctors. We love our physicians. It's not even specific to the medical profession. This is simply human nature. It's everywhere.
You are not the same person at all times. Or let's put it another way - you do not make the same decision every time you're presented with the same information.
Just like a basketball player who never throws the ball twice in exactly the same way, we do not always produce identical judgements when presented with the same facts on two occasions. - "Noise" by Kahneman, et al
This is called occasion noise. Occasion noise is the measure of "noisiness" or random variability to our decision making.
It's most easily recognized at the point when a professional makes judgements in a different emotional state or before/after some external influence or experience.
What does this have to do with cyber security?
The reality of occasion noise can lead each one of us to making a cyber security misstep. In a clear-headed, focused state, you may never dream of falling for a hacker's tricks.
But we are humans, not robots. So we make mistakes, often falling for things we're surprised we'd fall for. You know, like clicking on a link in a suspicious email when you're exhausted at the end of the week. Or accidentally inputting your password on a malicious site because you're late to your tenth Zoom meeting of the day.
External pressures affect our moods, which in turn, affect our actions. With hackers constantly lurking, our actions can have severe consequences.
Hackers understand human nature. This is exactly why they use Phishing so frequently. And it's also why Phishing works.
So what should my organization do about this?
Solid question. You should always have a multi-layered approach to security, and it needs to include employee security awareness training.
These attacks are avoidable. Your training program needs to combine knowledge with consistent behavioral testing to allow your team to avoid falling for hacker's tricks.
That's exactly what we're doing every day at INFIMA!
We've combined cybersecurity pros with behavioral science geeks. That marriage gives you effective, Security Awareness Training for your team.
If you're an MSP and want to learn more, go check out how we work with Partners here. If you like what you see, book a time to chat!
Shout out to our favorite behavioral scientist, Danny Kahneman, and his co-authors for writing "Noise - A Flaw in Human Judgment", where we've gained valuable insights that continually fuel our Security Awareness Training.
Photo by Darius Bashar on Unsplash
INFIMA Security Newsletter
Join the newsletter to receive the latest updates in your inbox.
Criminal Courts Hacked, Docs Leaked
With Courts sending and receiving tons of email with attachments, they are a ripe target for a crafty Phish.
What Do Canon, Jack Daniels and Carnival Cruises Have In Common?
You may patronize each of these companies on vacation, and now hackers are taking a lot of that money for themselves.
