Dangers of succumbing to bias in cyber security : An evaluation of the impact of cognitive biases on threat assessments and cyber security strategies

Abstract

The greatest cyber threat to an organisation may be opposite to what its own security team assesses, a challenge that commonly arises from the impact of cognitive biases. At every turn, cognitive biases can distract and derail cyber security teams and their strategies away from the key risks and threats likely to catastrophically damage their network environments, in favour of new headline-making attack techniques or vulnerabilities which may never be used against their organisation. Focusing on psychological analysis within cyber security contexts including macro and micro examples from the international cyber community and Darktrace’s own customer base, this paper explores the dramatic impact cognitive biases can have on cyber security professionals, cyber strategies and decision making if left unchecked. Statistically, persistent, widely available, lower-sophistication malware and run-of-the-mill phishing campaigns remain a greater global risk to corporations than the newest, most devious exploit kit or ransomware. This paper examines multiple contextual examples of how cognitive biases negatively affect and influence cyber security teams from their security stack, the greatest threats to their networks and digital estates, understanding an attacker’s mindset and selecting technical experts to guide their programmes. Understanding these biases and identifying their role in cyber decision making is the only way to protect organisations from succumbing to biases and likely misdirecting already stretched security resources.