We’re Still the Overlords

How behavioral science helps us understand why humans are still cybersecurity’s weakest link — and what we can do about it.

Recently, I found myself sitting in a large room surrounded by a bunch of really smart people. Policymakers, researchers, technologists, and practitioners gathered to hear an invited speaker discuss the future of cybersecurity. As she concluded, one key refrain clearly resonated through the room, setting off a wave of heads nodding in agreement: Human beings, and their behavior, are the weakest link in cybersecurity. This room was the scene of my first cybersecurity conference, and since that day, as I have traveled across the country from gathering to gathering talking to other experts in the field, it dawned on me that this was not simply a refrain — it was a clarion call. It was also the reason for my entry into cybersecurity.

Human behavior is a specialty of mine. The organization I’m part of, ideas42, is a nonprofit behavioral design lab, and we focus on applying the theories of behavioral economics and psychology to numerous behavioral challenges. Over the past year, a group of us took a hard look at how behavioral science could be applied to challenges in cybersecurity. We quickly realized that a lot of the stickiest problems experts talk about — failing to update computer software, creating weak passwords, succumbing to phishing attacks, clicking on bad links — are behavioral in nature, and occur because the software and hardware we all use on a regular basis isn’t designed with human psychology in mind.

This post has moved. To continue reading, please visit https://www.newamerica.org/cybersecurity-initiative/humans-of-cybersecurity/blog/were-still-the-overlords