August 24, 2020

The Problem with Cyberhygiene

By Steve Prentice

Cyberhygiene Dangers It is a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it is introduced to us by others. In the simplest of examples, imagine a sign, placed next to a surface, that reads “Wet Paint.” Out of 100 people, how many do you think […]

Cyberhygiene Dangers

It is a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it is introduced to us by others. In the simplest of examples, imagine a sign, placed next to a surface, that reads “Wet Paint.” Out of 100 people, how many do you think will touch the surface to see if it is indeed wet? The answer is always more than 50%.

This condition has a name, unsurprisingly called “Wet Paint Syndrome.” It springs from the idea that, when confronted with a situation demanding compliance, there will always be a proportion of a population that will reject the instruction, for one of a few reasons:

  • Belligerence – the refusal to be told what to do, resulting in a directly opposite reaction: You tell me not to touch the paint, so I will touch it.
  • Individual disbelief – the sign might be old, and the paint might already be dry, so I will check it myself.
  • Collective disbelief – I saw that person touch it, so I am going to touch it.
  • Cultural disbelief – the sign is fake news.
  • Ignorance – I read the sign, but the warning did not register with me as something I should pay attention to.
  • Reflex– I read the sign and, without thinking, touched the paint anyway.

Humans are guided in part by instinct and reflex. If we cannot perceive danger through our physical senses, then we cannot process it accurately. A poisonous snake, spoiled milk, the smell of smoke or the image of a pool of human blood – these are stimuli that make most people recoil. These forms of danger are accepted as real.

Cybersecurity: The Invisible Threat 

When it comes to cyberhygiene activities, the threat we seek to avert seems, to many end users, to be invisible or inconsequential. It won’t be until the actual moment when a computer screen freezes and reveals a ransomware notice that the dangers of lax security become real.

People are suffering from alert fatigue. People have grown tired of repeated requests to update their passwords and so they simply modify one digit, upgrading from “Mary123” to “Mary124”.

But here’s the kicker. When offered the opportunity to use a solution to these tedious chores, such as a password manager, people recoil even further. A password manager is an app that generates passwords out of random character strings such as 86vPH*r1en@2@4FH. These are extremely difficult and time-consuming for hackers to guess but are equally difficult for people to memorize. But when it is explained that they do not have to memorize them at all, and that the password manager simply fills them in when needed, people push back. The comfort they feel in being able to remember their passwords exceeds that of having infinitely more secure passwords they can’t memorize.

Any security specialist who has tried to explain password managers will have experienced this sort of pushback. They will likely have stopped short of trying to explain exactly how password managers encrypt passwords at a device level using a salted hashing technique where none of the components, including the master password, actually are stored by the password manager itself. This is a type of dark magic that makes most peoples’ eyes glaze over.

Password Iq Cloudtweaks

Cybersecurity Expertise Includes Some Psychology

The point is that people in general cannot sit comfortably with change because change means confronting the unknown. Cybersecurity specialists must realize just how fragile the human instinct is when they frame arguments around safety and security protocols. Sometimes it all comes down to change resistance when they hear comments like “how can I trust a password that I can’t memorize,” or “back in my day we never needed Two Factor Authentication, so I’m not using it now.

Just like a rapidly spreading virus, all it takes is one person to make that initial contact with an infected email link to penetrate the defenses of an organization and the organizations it is connected to.

A cybersecurity specialist’s portfolio of skills must include some psychology, which can be transformed into empathy, change management and communication skills. Although a central pillar of the job is to be proactive, success in the security field will not be complete until we recognize just how incompatible the concept of proactivity is with the day-to-day priorities of end users and frame our communication strategies around this.

For more information, read the Proactive Cybersecurity Beyond COVID-19 white paper.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Azure Free Tier vs. AWS Free Tier: Which Provides More Value?

Cloud computing has become a cornerstone for the digital transformation of businesses. From startups to [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

Exploring SaaS Directories: The Path to Optimal Software Selection

Exploring the Landscape of SaaS Directories SaaS directories are vital in today’s digital age, serving [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

SPONSORS

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.