It's Time We Breakdown Our Data Security Fallacies
Humans ability to reason with logic and our susceptibility to logical fallacies has been an area of interest amongst the researchers for centuries, right from Aristotle’s Sophistical Refutations and John Locke’s An Essay Concerning Human Understanding (1690) to Irving Copi’s 1961 Introduction to Logic.
In simple terms, Logic can be described as ability to build arguments for them to be valid, sound and convincing, and Fallacy can be interpreted as “a mistaken belief, especially one based on unsound arguments”, “a deceptive, misleading, or false notion” or “an idea that a lot of people think is true but is in fact false”.
According to an industry research, rather than taking decisions based on rationality, critical thinking and strong logical arguments, humans often take mental shortcuts, apply quick decisions, embrace easier solutions, and pick choices that best suit their needs or views of the world.
The human nature to simplify things makes us more vulnerable to logical fallacies and this in turn explains some of the wrongly held notions around data security.
Some of the security fallacies to watch out,
Fallacy of Skills
One of the most commonly held notions about data security is that it is a complex topic and is best left to the security geeks, technology experts or IT teams. People often fail to recognize that security is equally about right processes & behaviour as about technology, and all stakeholders from business users to procurement managers have a key role to play in maintaining the security posture of the organization.
Fallacy of Assurance
Many people still seem to reason that anti-virus is a good enough solution for their personal workspace and will save the day for them. Anti-virus is an important security control but no match to evolving threat environment like zero day exploits, ransomware, and new phishing techniques. One would need a good match of strong end-point security controls and right security behaviour to protect oneself against emerging threats.
Fallacy of Understanding
Every time a major breach takes place in another part of the world, people often believe that they have nothing to worry. They fail to realize the fact that we live in a connected world and use services from across the globe. Thus, when any prominent consumer base is breached and half a billion records are compromised, we have good reason to be concerned.
Fallacy of Value
A commonly held view is that hackers or skimmers only target big corporate and individual personal data has no value. Well, one needs to recognize that personal data is at the heart of digital economy. Every time we connect to internet, comment on social media, surf a website or make an online purchase, we leave a trail of digital footprint. This data is like a gold mine for hackers as they can not only monetize it for illegal gain, but also use it to launch sophisticated phishing attacks.
Fallacy of Isolation
I often hear people say that my actions in my personal digital space have no bearing on the corporate environment. Line between personal and corporate environment is getting blur day by day. Any irresponsible actions in the personal digital space, accessing unauthorized/untrustworthy sites, and exposing personal details without sufficient due diligence can make you an easy target for hackers. It is often easy for hackers to break into personal accounts, and then it is only a matter of time before they find a way to compromise linked corporate accounts.
So, how do we overcome our data security fallacies?
Security risks is threating organizations and individuals alike, and can no more be ignored or left to select few teams. It is time we realize the challenge and overcome our security fallacies by augmenting notions with facts, experience with knowledge and arguments with rational thinking, to be able to make a robust judgement around the required actions and associated risks.
Research also suggests that human minds can be trained to identify logical fallacies through constant learning and practice. Thus, ongoing security awareness sessions & trainings supported by a strong culture of learning will go a long way in addressing security fallacies and make us better prepared for the future security challenges.