Biblio
A report published by Forcepoint, titled "Thinking About Thinking: Exploring Bias in Cybersecurity with Insights from Cognitive Science," highlights availability bias as one of the biases held by security and business teams. Availability bias occurs when a person lets the frequency with which they receive information influence their decisions. For example, if there are more headlines about nation-state attacks, major decision-makers may give such attacks greater priority when developing and spending on cybersecurity solutions.
Implicit biases held by security professionals could lead to the misinterpretation of critical data and bad decision-making, leaving organizations vulnerable to attack. Biases including aggregate bias, confirmation bias, and anchoring bias, among others, can also affect cybersecurity policies and procedures. Organizations are encouraged to develop a structured decision-making plan for security professionals at both the security operations and executive levels in order to mitigate these biases.
Cognitive biases are considered to be logical errors in thinking. Such biases pose a significant threat to the security of enterprises because they increase the success of social engineering attacks, in which users are tricked into exposing sensitive information that attackers could use to infiltrate protected systems. Different types of bias, including anchoring bias, the availability heuristic, and the Dunning-Kruger effect, could also affect responses to cyber incidents. It is essential to understand biases to reduce human error.