
Information Cascade and Cyber Security

According to the article, even companies of supposed tech “experts” like Google and Facebook can fall victim to targeted scams aimed at employees in their networks. Why is this? The answer lies in a combination of information cascades and the exploitation of human bias.

According to numerous studies, people often think that they are better than the median person in a group at a particular activity. For example, most people think that they drive better than the average driver, or are smarter than the average person, which is by definition impossible. This bias causes problems because it makes people more susceptible to behavioral motivations than to objective information. If you already think that you know everything about a subject and have all the information you need, then you are less likely to be swayed by statistics that say “a majority of Americans are hacked” or “most people cannot identify phishing attempts.”

The risk here comes to a head when new employees enter companies with old and objectively outdated cyber security practices. An information cascade dooms these companies to a continuous lack of cyber competency because no one believes information that says they are not safe. Instead, new employees arrive in a steady stream over time and observe that every single older employee is using a particular procedure (or lack of procedure) when it comes to cyber safety. This behavioral observation overrules any informational advantage that the new employee would otherwise have had and causes them to join an information cascade of cyber safety risk, as they adopt the “tried and true” practices of the older employees. This process can continue indefinitely until catastrophe strikes and everyone is exposed at the same time to novel information that finally motivates them to update their safety practices.


