Page 41 - Cyber Warnings
P. 41
ready. Yet, we often find that despite the ease and importance of updating, many users
procrastinate on this critical step. Why? Part of the problem is that update prompts often come
at the wrong time--when the user is preoccupied with something else--and provide the user an
easy out in the form of various “remind me later” options. Because of this small design detail,
users will be much more likely to defer on the update, no matter how important it is--how many
times have you clicked “remind me tomorrow” before finally clicking on “update now”?
By understanding the factors that influence people’s decisions and actions, we can begin to
identify solutions. For instance, instead of providing an option to push off the reminder to a later
date, it might be prudent to get the user to commit to a specific time at which the update will
take place. This way it is possible to prevent the endless stream of procrastination decisions, by
getting the user to think critically about what a better time to update would be.
But, human error in cybersecurity is not limited to the decisions and actions of end users.
Computer engineers may build errors into code that compromise the security of their software,
IT administrators may not set up security systems properly, and C-level executives may not
make the right kinds of investment decisions in their organization’s cyber infrastructure.
However, by being able to recognize behavioral factors in cybersecurity, and identify their root
causes, there is a rich vein of opportunity for making the system as a whole more robust.
Over the past year, ideas42, my behavioral science research and design firm, has been looking
into what behavioral challenges exist in cybersecurity, and how we can use insights from the
behavioral sciences to solve them. Through this effort, we wrote a cyber-novella, Deep Thought:
A Cybersecurity Story, which tells the tale of how an extensive hack can be carried out by
simply exploiting what we already know about the predictable errors in human behavior.
If you’re one of the people who have been seeking technological solutions to what you see as
purely technological problems, then I recommend that you take a look at what we’ve learned,
and see if there might be other ways of approaching the security challenges you’re trying to
solve. And, if you’re one of those people who recognize that the person sitting between the chair
and the computer is maybe one of the greatest threats to your cybersecurity system, than you’re
already on the right track.
About the Author
Alex Blau is a Vice President at ideas42. He has extensive experience
applying insights from behavioral science to solve design and decision-
making challenges in a broad array of domains. His current foci at ideas42
are in the areas of cybersecurity, financial inclusion, public safety, and A/B
testing. Alex Blau can be reached via email at [email protected], and on
twitter at @unbofu and at our company website http://www.ideas42.org
41 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
