Why is Cybersecurity so hard? Why do so many companies(people) get hacked?
The following image is from one of our blog posts and shows the scramble of the attackers (criminal hackers) and defenders (ethical hackers)
We have made it our mission to help companies create a new awareness for people
We have a blog that attempts to make cybersecurity less complex for both cyber pros and non-it people on our Facebook page.
The Blog post I want to refer to is the following:
Here is where I discuss the Bruce Schneier post of the "Psychology of Security"
The trade-off of everyone assessing their risks, and whether more resources should be spent on cybersecurity and how.
To understand why people do what they do is to figure out the Psychology.
We are risk seeking when we think would take the risk (risk seeking in losses) due to the natural inclination of not vividly seeing themselves in a worst case scenario. The chances are nothing will happen thinks the business owner, so we hope/wish it won’t. If there is a chance in failure (like a cybersecurity attack that costs $200k) on the one hand and on the other a chance that nothing will happen... then most people (70%) will think nothing will happen to them.
So we are risk seeking in losses
1. A chance $200,000 in losses with a cybersecurity attack == 30% of people perform cybersecurity defenses
2. A chance of no losses with a potential (real or imagined) cybersecurity loss == 70% of people choose this (to do nothing)
This security trade-off happens unconsciously without your knowledge.
How many cops wear a bullet-proof vest on a daily basis?
How many people wear a bullet-proof vest even in dangerous situations?
Human Psychology is risk-seeking in losses. We would rather take higher risks than spend time and money reducing the risk, because we believe we can get away without spending any time and resources.
This is a false narrative - we must protect our network and we will still get attacked and you will get hacked anyway. (Target, HomeDepot, and all others).
So it is not a matter of do nothing and there is a chance nothing will happen.
If you do nothing - YOU WILL GET HACKED period.
Now what we need to discuss in this new normal what do companies really need to do? Risk management? that failed as well.
What we need is a new method that uses a philosophy of we are hacked, now what.
Contact Us to discuss what this new method means for you.