Consider human emotions while developing cybersecurity measures
In the increasingly digital world, cybersecurity has become a critical concern for individuals, businesses, and governments alike. While much of the focus is often on technological solutions, there is another crucial aspect that often goes underappreciated: the human emotions involved in cybersecurity.
Fear and anxiety significantly impact cybersecurity. The fear of data breaches, identity theft, and cyberattacks can drive individuals and organisations to adopt more stringent security measures. For instance, after the high-profile Equifax data breach, which exposed the personal information of over 147 million people, there was a significant increase in the number of people signing up for credit monitoring services and identity theft protection. This breach highlighted the vulnerability of even large organisations and instilled fear among consumers about the safety of their personal information.
However, fear and anxiety can also have negative effects. Excessive worry about cyber threats can lead to "security fatigue," where individuals become overwhelmed and desensitised to the constant barrage of warnings and advisories. A study by the National Institute of Standards and Technology (NIST) found that people experiencing security fatigue may neglect basic security practices, such as updating passwords or installing software patches, thereby increasing vulnerability to attacks.
Trust is another pivotal emotion in the cybersecurity landscape. Users must trust that their systems are secure, that the websites they visit are safe, and that their personal information is protected. Unfortunately, trust can be easily exploited by cybercriminals through social engineering tactics such as phishing attacks. During the Covid pandemic, there was a significant increase in phishing attacks where cybercriminals posed as health organisations. These attacks exploited the public's trust in these institutions, tricking individuals into revealing sensitive information or downloading malicious software.
The 2013 Target data breach, where hackers gained access to the retailer's network by exploiting the trust placed in a third-party contractor, underscores how trust in third-party vendors can become a vulnerability if not properly managed.
The stress associated with maintaining cybersecurity can also influence behaviour. Professionals working in cybersecurity roles often face high levels of stress due to the constant threat of attacks and the pressure to protect sensitive information. For instance, the cybersecurity teams at hospitals during ransomware attacks, such as the one on Universal Health Services, experienced immense stress as they worked to secure patient data and restore critical systems while under attack. This stress can lead to burnout, reducing the effectiveness of cybersecurity teams and increasing the likelihood of human error.
For end-users, stress from dealing with complex security protocols and the ever-evolving nature of cyber threats can result in poor security habits. A common example is users resorting to simple, easy-to-remember passwords across multiple accounts, despite knowing the risks, to reduce the cognitive load associated with managing complex security requirements. This behaviour was evident in the aftermath of the Yahoo data breach, where many users admitted to reusing passwords across different sites to simplify their online security management.
Complex security measures often lead to frustration and anger. Managing passwords, dealing with frequent updates, and navigating authentication requirements can be exasperating. The Yahoo data breach underscores the importance of robust security practices, but user frustration can lead to non-compliance, undermining cybersecurity efforts. A survey by the University of California, Berkeley found that many users are frustrated by the complexity and frequency of password changes required by their employers, leading to shortcuts such as writing down passwords or using easily guessable passwords.
Confusion and helplessness often accompany cyber incidents. The rapid evolution of cyber threats and the complexity of security technologies can leave us feeling overwhelmed and powerless. In times of crisis, such as a ransomware attack or data breach, individuals and organisations may struggle to understand what steps to take. Developing clear response plans, conducting regular drills, and seeking assistance from cybersecurity experts can help alleviate confusion and empower us to respond effectively to cyber incidents.
Relief and satisfaction follow successful cybersecurity measures. Implementing robust security protocols, thwarting cyber threats, and safeguarding digital assets bring a sense of accomplishment and peace of mind. Knowing that our sensitive information is protected against malicious actors provides a sense of relief.
However, success in thwarting cyber threats can breed overconfidence and complacency. Believing that we are immune to cyberattacks can lead to lax security practices and vulnerability to future threats. Similarly, organisations may become complacent after implementing security measures, failing to adapt to evolving cyber threats. By staying informed about emerging cyber threats, conducting regular security assessments, and updating security protocols, we can guard against overconfidence and complacency.
Another issue that surfaces after cybersecurity breaches is guilt and shame. Individuals may blame themselves for falling victim to phishing scams or neglecting security best practices. Organisations may feel ashamed of security lapses that compromise customer data or tarnish their reputation. Instead of dwelling on mistakes, they should focus on lessons learned, steps for improvement, open communication and collaboration to foster a culture of shared responsibility in cybersecurity.
To enhance cybersecurity by addressing emotional factors, individuals should be empowered with user-friendly cybersecurity education and practical knowledge. Building trust by fostering transparency and reliability in digital services, prioritising employee well-being and stress management to enhance cybersecurity resilience, and simplifying security measures to reduce frustration and encourage compliance are also crucial.
In Bangladesh's digital journey, understanding and addressing cybersecurity emotions are paramount. By recognising the fears, frustrations, and triumphs inherent in digital defence, we can develop more effective strategies for safeguarding our digital assets. Through education, empathy, and collaboration, we can navigate the complexities of the digital landscape with resilience and confidence.
BM Zahid ul Haque is an experienced CISO and cyber digital transformation strategist. He can be reached at: bmzahidul.haque@gmail.com.
Views expressed in this article are the author's own.