Social Norms and Identity in Cybersecurity

Recently I read an article entitled “Emerging Threats for the Human Element and Countermeasures in Current Cyber Security Landscape” by Vladlena Bensona, John McAlaneyb and Lara Baranowskic.

One of the topics is the concept of social cognitive influences on an individual from a group that can influence behaviors. It is intriguing to consider that the biases, pressures and perspectives of a group culture can push an individual toward or away from sound security attitudes and behaviors. Perhaps we need to consider that group dynamic to fully understand what direction the synergistic weight will press on individuals.

Behavioural nudge (Thaler & Sunstein, 2008) is another method to help ensure that company insiders are aware of the pitfalls of negligence to the very real risks of cyber breaches. Psychologists and other behaviourists have been using the concept of nudge for several years to see how it may help in altering a number of behaviours. Using these concepts for cybersecurity could be beneficial in eliciting more vigilant behaviours. Asking, and showing, employees how they could be responsible for security is essential. Changing risk taking or lackadaisical approaches could be done through nudge and yield behavioural change. If the corporations are expected to be responsible for cybersecurity and employees rely on that, there could be a breakdown in security. Creating awareness of how protection needs to be done by all users…”

Frumkin, Lara. (2018). Psychological and Behavioural Examiniations in Cybersecurity.