Security is a feeling, based not solely on probabilities and mathematical calculations, but on your psychological reactions to both risks and countermeasures. You might feel that you're at high risk of burglary, medium risk of murder, and low risk of identity theft. And your neighbour, in the exact same situation, might feel that he's at high risk of identity theft, medium risk of burglary, and low risk of murder.
You can be secure even though you don't feel secure. And you can feel secure even though you're not. Learn why we’re predictably irrational, and how you can use this newfound knowledge to nudge consumers to make better cybersecurity decisions.
Presented at BSides Belfast, 7th September 2017.
https://www.youtube.com/watch?v=uHpXt-PItdk&feature=youtu.be&t=1s
2. Hi!
My name’s Dave.
Not a psychologist.
Works for Anomali (we’re hiring!).
You can find me at:
@himynamesdave
3. A warning before we begin...
Everything will become a science experiment.
You’ll question many of your decisions and help positively influence those of others.
7. Heuristic:
A heuristic is a mental shortcut used to solve a particular problem
8. Cognitive Bias:
When our heuristics fail to produce a correct judgment, it can sometimes result in a cognitive bias, which is the tendency to draw an incorrect conclusion
9. “Security is a feeling, based not solely on probabilities and mathematical calculations, but on your psychological reactions to both risks and countermeasures”
10. People are not computers
People exaggerate risks that are:
● Beyond their control
● Externally imposed
● New and unfamiliar
● Not like their current situation
● Rare
People downplay risks that are:
● More under their control
● Taken willingly
● Familiar
● Like their current situation
● Common
20. “1 in 2 people born after 1960 in the UK will be diagnosed with some form of cancer during their lifetime”
Source: Cancer Research UK
21. But I’m too healthy, have good genes...
Source: Sharot et al., 2011
22. Which is more likely?
That your personal information will be stolen over the Internet?
That the person sitting next to you will have their personal information stolen over the Internet?
26. When was the last time you?
■ Switched your electricity supplier?
■ Used a new brand of toothpaste?
■ Rewrote legacy code when adding features?
■ Changed your password?