Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions

•Download as PPTX, PDF•

1 like•438 views

Wishful thinking won’t protect your data and systems. Without understanding two key psychological constructs, motivated reasoning and decision fatigue, people will continue to put their trust in software alone to keep their systems safe – and then shift responsibility for adverse events onto end users. For example, those impacted by motivated reasoning will reuse passwords without believing it might actually have an impact. People who experience decision fatigue avoid decisions or choose the least effortful action. However, there are steps organisations and individuals can take to recognise and cope with these parts of human nature – are you prepared?

Technology

Dr. Margaret Cunningham, Principal Research Scientist
Forcepoint, X-Labs
Weary Warriors:
Reducing the Impact of Wishful
Thinking & Fatigue on Information
Security Decisions
4 June, 2019

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
Select the option that fits you best:
- I use the exact same password on multiple sites. ¯_(ツ)_/¯
- I change my passwords a little bit—Password1! is different from
Passw0rd, right?
- I never reuse passwords.
- I use a password manager.
Slido Q1

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
40-50% of users reuse
passwords

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
46% of organizations don’t
change their security strategy
after an attack!

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
Definitions & Outcomes
• Motivated Reasoning
• Decision Fatigue
Strategies & Solutions
Overview

Weary Warriors: Reducing the Impact of Wishful
Thinking & Fatigue on Information Security Decisions
• “Wishful Thinking” and self-
deception
• Avoidance of cognitive
dissonance
• Evaluating problems in favor
of preferred outcomes
Motivated Reasoning is…

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Inadequate solutions based
on biased information
• Aversion to change
• Rationalization, and denial,
of poor choices
Impact of Motivated Reasoning

Weary Warriors: Reducing the Impact of Wishful
Thinking & Fatigue on Information Security Decisions
• Decision-making draws on
finite mental resources
• Our capabilities degrade over
the course of each day
• Helped by food, cured by rest
Decision Fatigue is…

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Decision avoidance, relying
on defaults or “status quo”
• Difficulty weighing pros &
cons of multiple options
• Short-term > long-term
• Selecting the least effortful
choice
Impact of Decision Fatigue

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• When faced with “facts that don’t fit” we ignore them
• When fatigued, we pick the easy way out – if we make
a choice at all
Motivated Reasoning + Decision Fatigue = Bad Decisions

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
Strategies & Solutions
1. Recognize the Signs
2. Be Choosy about
Choosing
3. Plan & Prioritize

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Impaired self-control & impulsivity
• Procrastination
• Decision avoidance
• Irritability
• Ignoring contradicting opinions or
facts?
Recognize the Signs

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Cut options
• Concrete examples
• Categorize
• Condition for Complexity
Be Choosy about Choosing1
1 Sheena Iyengar, “The Art of Choosing”

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Plan daily decisions in
advance
• Prioritize important decisions
for the morning
• Sleep on it – when possible
• Use tools & establish
decision-making processes to
support unplanned or late-
day choices
Plan & Prioritize

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
5 KEY TAKE AWAYS

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
• Motivated reasoning leads to biased decision making & denial of
alternative solutions that differ from existing practices
• Decision fatigue leads to decision avoidance, or selection of easier,
short-term solutions
• Recognize the signs: procrastination, distraction, impulsivity,
irritability, risk-aversion
• Use choice strategies: cut, categorize, concrete examples, &
conditioning for complexity
• And, when possible, plan and prioritize to optimize decision-making
5 KEY TAKE AWAYS

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on
Information Security Decisions
Follow-up questions or comments?
Margaret.Cunningham@Forcepoint.com
Or, visit my Forcepoint Author Page:
www.forcepoint.com/company/biographies/margaret-cunningham
Recent White Papers:
Exploring the Grey Space of Cybersecurity with
Insights from Cognitive Science
Thinking about Thinking: Exploring Bias in
Cybersecurity with Insights from Cognitive Science

Our motivations play an important role in how we understand ourselves and the world. We all operate with assumptions, mindsets and expectations that we are sometimes less conscious of and which are likely to be influenced by our deeper motivational orientations. By understanding the links between motivational patterns and hidden biases, we can expand our self-awareness, achieve a more complete and objective view of others, and make wiser behavioural choices.

Decision Making and Risk Taking

Reina Mae Salido

Five dimensions of decision making

Parveen Goel

Decisions, decisions, decisions — we make them all the time! The life we are living right now, is the outcome of decisions we made in the past. Our future depends on the decisions that we will make today or tomorrow. To put it simply, decision making can be defined as a choice of action in an uncertain environment. There are routine and life-altering decisions; individual and group decisions; short-term and long-term decisions; high and low-stake decisions, and decisions that can be changed as well as decisions that are cast in stone — the list can go on indefinitely. Those who are not allowed to make decisions are not happy about it, and those who are entrusted to make decisions may feel burdened by the responsibility. Decisions are sometimes made by scribbling on the back of a paper napkin and at other times with the help of massive computer programs. Some decisions need to be made on the spot — in the blink of an eye — with other decisions it is often recommended that we sleep on it. The scope of decision making is very wide, the process sometimes starkly complex and individual styles vary considerably. It is such a fundamental part of our existence and growth; however, many of us may not give enough thought to our approach to decision making — does my decision making need any tweaking or am I happy with it as it is? In order to understand our own style of decision making, we need to consider what are the major dimensions of decision making and where do we stand on each of the dimensions. Here are 5 important dimensions of decision making:

In this free webinar, security expert Gary L. Sigrist, Jr. is our panelist. Gary is a former educator and law enforcement officer. As a professional expert, he brings a wealth of knowledge and experience working with school faculty and staff. Gary is the president and CEO of Safeguard Risk Solutions. The company helps its clients identify vulnerabilities, plan accordingly, train thoroughly and respond effectively. This free webinar is part of LENSEC's Step Into Security series, a complimentary security training series. Webinar Agenda: •Threat Assessment Principles •Facts About Targeted Attacks •Five Phases Of An Active Shooter Incident •Prevention Of The Threat •Assessing Mental Health Risk •Profiling For Potential Threats Please join us for future webinars. Feel free to invite your colleagues to register for this event. You can find more webinars covering physical security and safety topics at our website. http://bit.ly/StepIntoSecurityWebinarArchive

Entrepreneurial Psychology

jericsinger

OODA OODA! How Rapid Iteration Can Help Level Up Your Gaming Business

SeriousGamesAssoc

Mitch Weisburgh, Partner | Academic Business Advisors and Scott Brewster, Co-Founder & CTO | Triad Interactive Media / Hats & Ladders DOUBLE SESSION: OODA OODA! How Rapid Iteration Can Help Level Up Your Gaming Business We are all involved in lots of complicated and complex situations. We deal with students and learning. We write, adapt, and use games for learning. We may be running businesses. One thing that all of these have in common is that we can’t just come up with a plan, execute and expect things to just work smoothly. Unexpected things happen, it’s often impossible to anticipate all possible situations, people react in unanticipated ways, there is often information we just don’t or can’t know in advance, the people we are working with have hidden agendas. Allies, antagonists, and resources shift and change. And so on. So, what are we supposed to do? We are going to explore a framework for managing solutions during periods of dynamic change. The OODA Loop Framework was developed by air force colonel John Boyd based on precepts developed by Sun Tzu, Napoleon, Heisenberg, Kyng, Einstein, Gödel, and others, and has been used by military, political, and business leaders around the world. You’ll learn to prepare for the unexpected, observe and react to actions and results, and pull together and manage a team despite adversity. Presented by the Serious Play Conference seriousplayconf.com at Orlando, University of Central Florida, UCF, July 24-26, 2019

Session 4 - Lectures in Leadership (Relating).pptx

ssuserde1c26

I am my worst enemy — A first person look at Insider Threat

Ahmed Masud

د حاتم البيطار استشاري وجراح الفم والاسنان 01005684344 اتصل للحجز بالعيادة D...

د حاتم البيطار

Decision Making

anisur_rehman

Presentation: Avoiding Nonprofit Disasters Through Decision-Making Science

Gleb Tsipursky

No one wants to make decisions that lead to disasters. Yet when was the last time you regretted a decision at work – one that cost money and time, brought about unnecessary stress and conflict, hurt reputation and team morale? Do you know what led you or your team to the decisions you now regret? Have you figured out how to avoid making such regrettable decisions and harmful outcomes in the future? Fortunately, you can learn how to minimize everyday mishaps and major disasters through applying decision-making science. This presentation draws on research in decision-making and emotional and social intelligence as well as real-world case studies to help optimize the process of decision-making for leaders, teams, and organizations, with a specific focus on decision-making in nonprofit contexts. Learning Objectives: - How to gain awareness of and escape the cycle of making decisions you and your team later regret in your workplace, thus avoiding disastrous decisions - How to identify a series of problematic thinking and feeling patterns – what scholars call cognitive biases – that cause us to make regrettable decisions - How to take advantage of recent research in behavioral sciences to deal with cognitive biases in the workplace - How to combine intuitive and analytical thinking to help you make the best possible decisions in an environment of uncertainty - How to adapt this research to your needs through easy-to-use strategies for effective decision-making - How to help yourself and your team implement these strategies thoroughly for optimal decision-making processes - How to exert influence effectively on team decision-making from any role in the team, while helping maintain trust, engagement, and commitment among team members - How to identify the competing interests of multiple stakeholders, especially in a context of uncertainty and transition, and coordinate them to achieving the organization’s goals

Rethinking the concept of trust (DoDIIS 2019 presentation)

Forcepoint LLC

Sparking Curiosity to Change Security Behaviors

Forcepoint LLC

In this presentation Dr. Margaret Cunningham, Principal Research Scientist, Forcepoint X-Labs, explores the topic of curiosity in cybersecurity. Curiosity is a powerful catalyst for behavioral changes, but for the most part, curiosity has been used to exploit users rather than to motivate positive security behaviors. This session explores the science of curiosity, provides examples of how curiosity increases security risks, and discusses strategies for using curiosity to increase engagement and positive security behaviors. Through this session attendees can apply strategies learned for motivating positive security behaviors as a means to mitigate risk and decrease alert fatigue within an organization. Presented at Black Hat USA 2019 on Wednesday August 7, 2019. Related blog: https://www.forcepoint.com/blog/x-labs/sparking-curiosity-change-security-behaviors-bhusa-2019-slides-and-summary

Similar to Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions

Presentation2

alimohsen08

Topic6decisionmakingHariz Mustafa

Decision Making

ALAN KURIAN SABU

MGT 3200 Exam #2kgreau1

Decision Making & Problem Solving _ Materi Training "LEADERSHIP for Manager &...

Kanaidi ken

Motivation and Bias: Strategies for Developing Greater Self-Awareness and Obs...

MRG (Management Research Group)

Fundamentals of Decision Making

Andrew Hirst

Decision Making 1

LyricojaeCassie

decision making.pptx

DrManishaPawar2

Ob slides - decision making hold(1)stuitstrain2

Brian Glass Making Decisionsbrnglass

Career decision makingsdonatel

Step Into Security Webinar - Threat Assessments in Schools

Keith Harris

Entrepreneurial Psychology

jericsinger

OODA OODA! How Rapid Iteration Can Help Level Up Your Gaming Business

SeriousGamesAssoc

Session 4 - Lectures in Leadership (Relating).pptx

ssuserde1c26

I am my worst enemy — A first person look at Insider Threat

Ahmed Masud

د حاتم البيطار استشاري وجراح الفم والاسنان 01005684344 اتصل للحجز بالعيادة D...

د حاتم البيطار

Decision Making

anisur_rehman

Presentation: Avoiding Nonprofit Disasters Through Decision-Making Science

Gleb Tsipursky

Similar to Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions (20)

Presentation2

Topic6decisionmaking

Decision Making

MGT 3200 Exam #2

Decision Making & Problem Solving _ Materi Training "LEADERSHIP for Manager &...

Motivation and Bias: Strategies for Developing Greater Self-Awareness and Obs...

Fundamentals of Decision Making

Decision Making 1

decision making.pptx

Ob slides - decision making hold(1)

Brian Glass Making Decisions

Career decision making

Step Into Security Webinar - Threat Assessments in Schools

Entrepreneurial Psychology

OODA OODA! How Rapid Iteration Can Help Level Up Your Gaming Business

Session 4 - Lectures in Leadership (Relating).pptx

I am my worst enemy — A first person look at Insider Threat

د حاتم البيطار استشاري وجراح الفم والاسنان 01005684344 اتصل للحجز بالعيادة D...

Decision Making

Presentation: Avoiding Nonprofit Disasters Through Decision-Making Science

More from Forcepoint LLC

Rethinking the concept of trust (DoDIIS 2019 presentation)

Forcepoint LLC

Sparking Curiosity to Change Security Behaviors

Forcepoint LLC

Understanding the "Intelligence" in AI

Forcepoint LLC

In this presentation Raffael Marty, VP of Research of Intelligence, Forcepoint X-Labs, explores the topic of Artificial Intelligence (AI) in cyber security. What is AI and how do we get to real intelligence in a cyber context? Raffael outlines some of the dangers of the way we are using algorithms (AI, Machine Learning) today and what that leads to. We then explore how we can add real intelligence through export knowledge to the problem of finding attackers and anomalies in our applications and networks. Presented at AI 4 Cybersecurity in NYC on April 30, 2019

AI and ML in Cybersecurity

Forcepoint LLC

Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights. In this session, we will discuss: • Limitations of machine learning and issues of explainability • Where deep learning should never be applied • Examples of how the blind application of algorithms can lead to wrong results

Using Language Modeling to Verify User Identities

Forcepoint LLC

How can we verify identity using unstructured data from a user device? While biometrics like fingerprinting and facial recognition are often used for authentication, research around natural language processing has found people's use of language as uniquely identifying. In this session, we will discuss multiple facets of language modeling: • Efficacy on different kinds of unstructured text within a corporate network • As a technique to detect anomalous user activity, compromised accounts, and stolen credentials • As an integral part of a cybersecurity program in addition to UEBA and risk-adaptive protection

Driving the successful adoption of Microsoft Office 365

Forcepoint LLC

Securing Beyond the Cloud Generation

Forcepoint LLC

Forcepoint Advanced Malware Detection

Forcepoint LLC

Top 5 Information Security Lessons Learned from Transitioning to the Cloud

Forcepoint LLC

CASB: Securing your cloud applications

Forcepoint LLC

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...

Forcepoint LLC

This 20 minute talk was delivered by Forcepoint Principal Security Analyst Carl Leonard at Infosecurity Europe 2018. Delivered to the Strategy track this talk provides a review of the macro trends affecting businesses today, reviews root cause of standout data breaches, highlights the security risk presented by employees, and offers guidance on how to protect your business from specific root causes.

GDPR is Here. Now What?

Forcepoint LLC

Addressing Future Risks and Legal Challenges of Insider Threats

Forcepoint LLC

A Predictive “Precrime” Approach Requires a Human Focus

Forcepoint LLC

In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Precrime Division,” that anticipated and prevented killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity – especially for insider threat detection and prevention. Based on user interaction with data, CISOs and their teams emerge as the IT equivalent of a Precrime Division, empowered to intervene before a violation is ever committed. Discover the technologies which make predictive analytics valuable, along with ethically minded guidance to strike the balance between vigilance and privacy.

Cyber Convergence, Warfare and You

Forcepoint LLC

A pirate used to have to show up on your shores, now they can stay on the other side of the world and still be a pirate. They are the mercenaries of the modern day – hackers who carry out crippling cyberattacks for personal gain, for political motivations, or perhaps on behalf of foreign governments, wittingly or unwittingly. The complexity of the problem also means there’s no simple answer for the global community. Mr. Daly looked at how we arrived at this convergence of actors and discussed efforts to get countries cooperating more effectively to prevent international cybercrime and bound cyber warfare.

Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)

Forcepoint LLC

The DoD Mission Partner Environment (MPE) enables Command and Control (C2) for operational support planning and execution – residing on a shared network infrastructure at a single security level with a common language. Rory Kinney, OSD DoD CIO, shared his perspectives on how an MPE capability allows Mission Partners (MPs) to share information with all participants within a specific partnership or coalition and the role MPE-IS plays in securing the global mission.

Security Insights for Mission-Critical Networks

Forcepoint LLC

Maintaining Visibility and Control as Workers and Apps Scatter

Forcepoint LLC

Balancing productivity and security has been an age old challenge for IT. Nowadays, tight budgets and a shortage of skilled security personnel are further complicating the security equation at a time when mobile workers and cloud applications require effective defenses beyond traditional perimeters. Fortunately, there are new perspectives and best practices to help Government IT security leaders secure systems and users everywhere, with the same level of mission-critical protection that Federal networks require.

Embracing the Millennial Tsunami

Forcepoint LLC

Shift the Burden

Forcepoint LLC

Many organizations are struggling to combat advanced threats, focusing on what they should be doing to prevent these threats vs. creating a strategy to shift the burden. Josh Douglas, Chief Strategy Officer at Raytheon Foreground Security, talked about why shifting the burden matters in order to reduce dwell time and how you can make that happen by investing in user awareness training, assessments, incident response and threat hunting.

More from Forcepoint LLC (20)

Rethinking the concept of trust (DoDIIS 2019 presentation)

Sparking Curiosity to Change Security Behaviors

Understanding the "Intelligence" in AI

AI and ML in Cybersecurity

Using Language Modeling to Verify User Identities

Driving the successful adoption of Microsoft Office 365

Securing Beyond the Cloud Generation

Forcepoint Advanced Malware Detection

Top 5 Information Security Lessons Learned from Transitioning to the Cloud

CASB: Securing your cloud applications

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...

GDPR is Here. Now What?

Addressing Future Risks and Legal Challenges of Insider Threats

A Predictive “Precrime” Approach Requires a Human Focus

Cyber Convergence, Warfare and You

Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)

Security Insights for Mission-Critical Networks

Maintaining Visibility and Control as Workers and Apps Scatter

Embracing the Millennial Tsunami

Shift the Burden

Recently uploaded

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

The Future of Platform Engineering

Jemma Hussein Allen

Recently uploaded (20)

JMeter webinar - integration with InfluxDB and Grafana

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

UiPath Test Automation using UiPath Test Suite series, part 3

Key Trends Shaping the Future of Infrastructure.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Search and Society: Reimagining Information Access for Radical Futures

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

ODC, Data Fabric and Architecture User Group

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

The Art of the Pitch: WordPress Relationships and Sales

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

When stars align: studies in data quality, knowledge graphs, and machine lear...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Accelerate your Kubernetes clusters with Varnish Caching

The Future of Platform Engineering

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions

1. Dr. Margaret Cunningham, Principal Research Scientist Forcepoint, X-Labs Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions 4 June, 2019

2. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions Select the option that fits you best: - I use the exact same password on multiple sites. ¯_(ツ)_/¯ - I change my passwords a little bit—Password1! is different from Passw0rd, right? - I never reuse passwords. - I use a password manager. Slido Q1

3. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions 40-50% of users reuse passwords

4. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions 46% of organizations don’t change their security strategy after an attack!

5. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions Definitions & Outcomes • Motivated Reasoning • Decision Fatigue Strategies & Solutions Overview

6. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • “Wishful Thinking” and self- deception • Avoidance of cognitive dissonance • Evaluating problems in favor of preferred outcomes Motivated Reasoning is…

7. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Inadequate solutions based on biased information • Aversion to change • Rationalization, and denial, of poor choices Impact of Motivated Reasoning

8. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Decision-making draws on finite mental resources • Our capabilities degrade over the course of each day • Helped by food, cured by rest Decision Fatigue is…

9. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Decision avoidance, relying on defaults or “status quo” • Difficulty weighing pros & cons of multiple options • Short-term > long-term • Selecting the least effortful choice Impact of Decision Fatigue

10. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • When faced with “facts that don’t fit” we ignore them • When fatigued, we pick the easy way out – if we make a choice at all Motivated Reasoning + Decision Fatigue = Bad Decisions

11. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions Strategies & Solutions 1. Recognize the Signs 2. Be Choosy about Choosing 3. Plan & Prioritize

12. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Impaired self-control & impulsivity • Procrastination • Decision avoidance • Irritability • Ignoring contradicting opinions or facts? Recognize the Signs

13. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Cut options • Concrete examples • Categorize • Condition for Complexity Be Choosy about Choosing1 1 Sheena Iyengar, “The Art of Choosing”

14. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Plan daily decisions in advance • Prioritize important decisions for the morning • Sleep on it – when possible • Use tools & establish decision-making processes to support unplanned or late- day choices Plan & Prioritize

15. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions 5 KEY TAKE AWAYS

16. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions • Motivated reasoning leads to biased decision making & denial of alternative solutions that differ from existing practices • Decision fatigue leads to decision avoidance, or selection of easier, short-term solutions • Recognize the signs: procrastination, distraction, impulsivity, irritability, risk-aversion • Use choice strategies: cut, categorize, concrete examples, & conditioning for complexity • And, when possible, plan and prioritize to optimize decision-making 5 KEY TAKE AWAYS

17. Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions Follow-up questions or comments? Margaret.Cunningham@Forcepoint.com Or, visit my Forcepoint Author Page: www.forcepoint.com/company/biographies/margaret-cunningham Recent White Papers: Exploring the Grey Space of Cybersecurity with Insights from Cognitive Science Thinking about Thinking: Exploring Bias in Cybersecurity with Insights from Cognitive Science

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions

Recommended

Recommended

More Related Content

Similar to Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions

Similar to Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions (20)

More from Forcepoint LLC

More from Forcepoint LLC (20)

Recently uploaded

Recently uploaded (20)

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Information Security Decisions