How cybercriminals exploit the way we make decisions
Knowing about decision traps can help you outsmart the bad guys to protect yourself and your organization
With special guest contributor Candice Carter
This summer, Brent’s 92-year-old mom was hit with COVID. About the same time, she was hit with a computer virus from a phishing attack.
Thankfully, she wasn’t severely impacted by COVID. However, she was very much impacted by the phishing attack. Everyone in her email history and address book got phishing messages, and some of her important online financial and health accounts were at risk of having been compromised.
Brent’s family had her immediately shut down her computer and take it to local technicians to be professionally wiped of malware and viruses. They also worked with her to change all of her passwords and switch to a different email host, which required her to drop her beloved AOL email address of 20 years, rebuild her address book, and try to retrieve precious past emails without re-triggering the malware.
This process took her offline for more than two weeks and essentially cut her off from her kids, grandkids, friends, and community.
While we have no idea what link or phishing email she had clicked on, we know it was likely something that made complete sense to her and to which she reacted quickly. She had been well schooled on what not to respond to or click on, and she is in full command of her faculties. We suspect the cybercrooks likely hacked into her decision-making processes by exploiting one of several possible mental shortcuts that any of us could fall prey to.
For her, the impact was two weeks of hassle and being cut off, plus a bit of embarrassment. For organizations, the impact can be much more significant – loss of customers, reputation, trust, money, jobs … the list can be long. A recent IBM benchmark study put the average cost of a data breach in 2022 at $4.35 million.
Mental shortcuts can create errors
We make a lot of decisions each day, whether or not we are aware of them. Depending on how a “decision” is defined, the daily number can creep into the thousands. Although we may believe most of our decisions are rational, cognitive science shows that we are often far less objective than we think. Our brains use mental shortcuts to preserve cognitive resources whenever they can. These shortcuts do not necessarily reflect reality or rationality, but we rely on them to expedite and simplify information processing. In fact, we use them so frequently and effortlessly that we do not even realize we are doing so.
While these mental shortcuts help us deal with the complexities of life, some can negatively impact our decision-making. We call these shortcuts “decision traps.” What’s worse, these decision traps are predictable, which means cybercriminals can exploit them and trick us to gain access to our sensitive data. Not surprisingly, cybercrooks continue to become more sophisticated in their use of social engineering techniques to exploit these decision traps.
When we better understand how these traps work, we can anticipate how cybercrooks might attempt to take advantage of us. This knowledge can help us not fall prey to their tricks. In short, knowledge is power to help us thwart cybercriminals by being ready for their ruses and outsmarting them in advance.
7 common decision traps and how you can prevent cybercriminals from exploiting them
7 additional tips for making good decisions and thwarting the cybercrooks
Conclusion
A good social engineer knows how to take advantage of the way people think and make decisions, and some of the bad guys are skilled social engineers. Getting hacked has major implications both for ourselves personally and for our organizations. In addition, recovering from being phished via email or vished by phone can be a huge drain on your mental and emotional energy.
While we don’t want to become cynical and paranoid, we also don’t want to unwittingly fall prey to cyberattacks that can easily be avoided with a better understanding. It’s important to take steps to protect ourselves by getting smart about how hackers turn our simple decision-making shortcuts against us.
The tips listed here can protect you and your organization from damage to your finances or your reputation, and can help you avoid difficult disruptions to your life and business.
Special guest author Candice Carter is an information security expert at Novavax. She suggested this topic after attending a Decision Mojo™ session and recognizing that what Brent was teaching about decision-making was applicable in the cybersecurity world.