How to Overcome Cognitive Biases That Threaten Data Security
Security Intelligence, IBM – Mike Elgan
The Interaction Design Foundation defines cognitive bias as "an umbrella term that refers to the systematic ways in which the context and framing of information influence individuals' judgment and decision-making." Don't confuse cognitive biases (which describe thought processes) with logical fallacies (which describe flaws in arguments during communication). The former is about thoughts, and the latter is about words. This is significant because cognitive bias is one of the biggest reasons why enterprise data can be made insecure. In fact, these logical errors are a significant reason why 27 percent of employees fail social engineering tests.
I've learned to watch out for attentional bias as a writer, which is where perception can be affected by one's reoccurring thoughts. This bias, for example, can potentially become a security risk when it comes to writing and interpreting technical documentation related to software or hardware features.
The 2018 RSA Survey of 155 IT professionals at the RSA Conference in May found that 26 percent of companies ignore security bugs because they believe they don't have time to fix them. The problem, however, is dealing with the consequences of unfixed bugs tends to take longer than it would've taken to implement the initial fix in the first place. The survey also revealed that IT professionals deliberately ignore security holes for other reasons, including a lack of knowledge about how to proceed. This choice could be driven by the ambiguity effect cognitive bias, where a lack of information informs a decision. Because the path to troubleshooting a problem is unclear, that path is rejected.
Awareness about specific cognitive biases must be a core part of every security training exercise. The first step toward overcoming cognitive biases is for everyone to understand that they exist, they're pervasive and they have a negative impact on data security.
Cognitive biases are also the reason for best practices, which embody institutional learning and lessons that reduce reliance on individual thought processes. But the mother of all cognitive biases is that only other people have cognitive biases. This belief is called the bias blind spot. The truth is that cognitive biases are just part of being human. I have them, you have them, and nobody is immune. It's important for security leaders to base their decision-making on this inescapable fact and frequently patch the wetware bug that constitutes the biggest threat to your organization's security.
Link: https://securityintelligence.com/how-to-overcome-cognitive-biases-that-threaten-data-security/