Fortunately, most human behavior is learned observationally through modeling: from observing others one forms an idea of how new behaviors are performed, and on later occasions this coded information serves as a guide for action.
Excerpt from: The Advertising Effect: How to Change Behaviour by Adam Ferrier
To test this theory, a few years ago I ran a study in which two groups of people were asked to take part in an experiment in which they spent an afternoon picking up litter in a London park. Participants were told that they were taking part in an experiment examining how best to persuade people to look after their local parks. One group were paid handsomely for their time, while the others were only given a small amount of cash. After an hour or so of backbreaking and tedious work, everyone rated the degree to which they had enjoyed the afternoon. You might think that those clutching a large amount of well-earned cash would be more positive than those who had given their time for very little money.
In fact, the result was exactly the opposite. The average enjoyment rating of the handsomely paid group was a measly 2 out of 10, while the modestly paid group’s average ratings were a whopping 8.5. It seemed that those who had been paid well had thought, ‘Well, let me see, people usually pay me to do things I don’t enjoy. I was paid a large amount, so I must dislike tidying the park.’
Excerpt from: 59 Seconds: Think a little, change a lot by Richard Wiseman
A hyper-connected world means the talent pool you compete in has gone from hundreds or thousands spanning your town to millions or billions spanning the globe. This is especially true for jobs that rely on working with your head versus your muscles: teaching, marketing, analysis, consulting, accounting, programming, journalism, and even medicine increasingly compete in global talent pools. More fields will fall into this category as digitization erases global boundaries—as “software eats the world,” as venture capitalist Marc Andreesen puts it.
A question you should ask as the range of your competition expands is, “How do I stand out?”
“I’m smart” is increasingly a bad answer to that question, because there are a lot of smart people in the world. Almost 600 people ace the SATs each year. Another 7,000 come within a handful of points. In a winner-take-all and globalized world these kinds of people are increasingly your direct competitors.
Intelligence is not a reliable advantage in a world that’s become as connected as ours has.
But flexibility is.
In a world where intelligence is hyper-competitive and many previous technical skills have become automated, competitive advantages tilt toward nuanced and soft skills—like communication empathy. and, perhaps most of all, flexibility.
Excerpt from: Mind Over Money: The Psychology of Money and How To Use It Better by Claudia Hammond
“Your idea needs to be original only in its adaptation to your problem.”
—THOMAS EDISON
Excerpt from: Evolutionary Ideas: Unlocking ancient innovation to solve tomorrow’s challenges by Sam Tatam
One of the first experiments on the topic was run in the USA by Solomon Asch. He asked subjects to evaluate a person simply on the basis of a list of six adjectives describing him. They might be told that he was ‘intelligent, industrious, impulsive critic, stubborn and envious’. Other subjects were given exactly the same six words but in the opposite order, ‘envious, stubborn, critical, impulsive, industrious and intelligent’. All subjects were then I asked to fill in a rating sheet in order to evaluate the person. For example, they had to indicate how happy they thought he was, how sociable he was, and so on. The subjects who heard the first list, which began with favourable adjectives evaluated the person considerably more highly than did those given the list beginning with the derogatory words. This effect – being more heavily influenced by early than by late item – is called the ‘primacy error’.
Excerpt from: Irrationality: The enemy within by Stuart Sutherland
For example, the bright red Powerball in Finish dishwashing tablets, as well as the salient red centre of Anticol’s medicated throat lozenges, illustrates “this is the hardworking bit.” When we see these products there’s no question in our minds where the unique value or effort is. They’re practically radioactive. As Rory Sutherland writes in Alchemy, the same is true of striped toothpaste.’ Psychologically, the red, blue and white coloured stripes give us a clear signal that the toothpaste is performing more than one function, aiding the belief that this single toothpaste can offer the trifecta of strong teeth, fresh breath and …
Excerpt from: Evolutionary Ideas: Unlocking ancient innovation to solve tomorrow’s challenges by Sam Tatam
When technical glitches marred their Manchester concert in June 2009, mega-band Oasis turned to the symbolic power of a signature to rescue them. Recognising the gig’s disruptions, the band sent out an eye watering 1m pounds worth of cheques in reimbursement. “People can obviously cash them in,” a spokesperson told the Manchester Evening News after the band offered the crowd a refund. Their genius? Anticipating that fans would never take them to the bank, every cheque was hand signed by Oasis frontmen Liam and Noel Gallagher. With pen and ink alone, the band saved themselves a fortune.
Excerpt from: Evolutionary Ideas: Unlocking ancient innovation to solve tomorrow’s challenges by Sam Tatam
When researchers from Columbia University analysed more than three-quarters of million individuals associated with a leading investment group, the team found that for every additional ten retirement savings funds available, participation declined by about two percentage points.” In essence, the more options available, the fewer people went on to save for their retirement. “The fact that some choice is good doesn’t necessarily mean that more choice is better,” reinforces psychologist Barry Schwartz. He calls this the paradox of choice.
Excerpt from: Evolutionary Ideas: Unlocking ancient innovation to solve tomorrow’s challenges by Sam Tatam
For example, the clever people from Dulux paint recognised that an absence of visual feedback also wreaks havoc for exhausted DIYers looking to decorate white ceilings with white paint (it’s near impossible to know where you have already painted!).
Addressing this issue, Dulux created NeverMiss, a ceiling paint that goes on pink (providing clear feedback against white ceilings) and dries white, helping painters create a uniform finish. Likewise, to prevent ‘creepers’ edging over the speed limit, radar-enabled speed displays providing real-time feedback now reduce speeding by up to 10%. There are nappies that signal when they’re soiled, tissues that change colour when you’re nearing the end of the box, razorblades that turn green when it’s time to change the blades, and even tyres that wear away to reveal the message “change tyre” when your tread becomes dangerously thin.
Excerpt from: Evolutionary Ideas: Unlocking ancient innovation to solve tomorrow’s challenges by Sam Tatam
Two scientists at Microsoft Research, Jake Hofman and Dan Goldstein, believe in this idea so strongly that they’ve spent the better part of a decade spearheading a project known as the Perspectives Engine with a simple goal: develop tools that make numbers easier for humans to understand.
Microsoft’s search engine, Bing, delivers millions of facts a day in response to queries. The Perspectives team wondered whether some simple contextual phrases would help people understand and remember their numerical search results.
So they did something basic: Instead of just reporting that Pakistan has an area of 340,000 square miles, they added a brief “perspective phrase,” something like “that’s about the size of 2 Californias.” And then, at time scales ranging from a few minutes later to a few weeks later, they tested people to see if they remembered the fact they had been shown.
Some perspective phrases were better than others. Simpler comparisons from more familiar states or countries led to better memory for the facts. But ALL phrases were better than nothing. Even a slightly unwieldy comparison was more effective than a number alone.
Excerpt from: Making Numbers Count: The art and science of communicating numbers by Chip Heath and Karla Starr
And why not? Indeed, I think the best copywriting is a form of poetry. We fuss and fret about the way things sound just as much as poets do. So study their techniques, see how they use language, rhythm and imagery to achieve their effects. Anyway, it’s good for you. What do they know of copywriting that only copywriting know?
Excerpt from: D&Ad Copy Book by D&AD
Beware loading your prose with too many jokes and verbal conceits. As a rule, the plainer you keep things, the greater effect of the occasional flourish.
Excerpt from: D&Ad Copy Book by D&AD
Any copywriter has to strike a deal with the reader. And as far as the reader is concerned, the deal is this. I’ll keep reading for as long as you keep me interested. So always ask yourself: have I expressed this in as original a way as possible? Have I been ruthlessly concise? Have I kept my side of the bargain?
Excerpt from: D&Ad Copy Book by D&AD
Einstein was a great fan of this technique. He said that: “To stimulate creativity, one muse develops the childlike inclination for play.” Researchers at the North Dakota State University agree. They conducted an experiment where they asked 76 undergraduates what they would do if college were cancelled for the day. The interesting bit was that half of them were encouraged to think as if they were seven years old. These students were found to give much more creative responses than the control group.
Excerpt from: Go Luck Yourself: 40 ways to stack the odds in your brand’s favour by Andy Nairn
When looking to the future, we tend to overestimate the good stuff and underestimate the bad.
This is a draft chapter from my new book; Security Gems: Using Behavioural Economics to Improve Cybersecurity (working title).
Subscribe to read new chapters as I write them.
Marriage. It’s a wonderful thing, isn’t it?
In the Western world, the numbers don’t agree. Divorce rates are about 40 percent.
That means that out of five married couples, two will end up in divorce. But when you ask newlyweds about their own likelihood of divorce, they estimate it at zero percent.
Good luck to them!
Optimism bias is sometimes used interchangeably with ‘overconfidence’, and refers to the phenomenon whereby individuals believe they are less likely than others to experience a negative event.
As humans we need some level of optimism, if we went in to marriage thinking it would end in divorce, marriage simply would not exists.
The optimism bias is an intriguing concept that comes with a host of benefits, such as shielding us from depression and ensuring we respond positively to failure.
Sadly, though, the optimism bias in cyber security leaves us overly-vulnerable to cyber attack.
When I was growing up, there was a kid in my neighbourhood who loved climbing trees. I was always suspicious one of his parents was a monkey.
He’d shoot up them, without a second thought.
Once, thirty metres in the air, a branch broke beneath him. All of us standing below heard the crack. It sounded like lightning, followed by a heavy thud as it hit the ground
Luckily he managed to quickly reach out and grab a branch above, saving himself from a long fall.
Whilst the slip didn’t bring him back down to earth, it did bring him back to reality. It took him the rest of the day to climb back down. And weeks before we saw him up another tree.
The dangers of being overly optimistic or self-confident can often blind us to the very high likelihood of negative outcomes.
When there’s nothing to warn us of our impending doom we get even more reckless.
Drink and drug driving is a massive problem, and is in a large part a result of our unbounding optimism.
“I’ve only had a couple of beers”, offers no solace to the family whose love one has been killed as a result of impaired reaction times.
Nightclubs in Germany came up with a brilliant idea to reduce the problem of their patrons jumping into cars after a night on the tiles; piss screens.
Urinals allowed drivers to steer a car in a video games using their pee. Aim left to go left. Right to go right.
If you’re too slow or swerve too much, that is to pee on the blokes foot next to them, the car would crash. “Too pissed to drive”, the screen would read, along with the number of the local taxi firm.
Again, in life we need moments to peg us back to reality.
When people receive emails they don’t necessarily treat them with the suspicion they deserve.
Far too often, we’re optimistic about the outcome of clicking links, and end up clicking malicious links or opening malicious attachments.
Wether it’s drink driving, or clicking an email. Both can have catastrophic consequences.
Facebook do a great job of warning us about the result of our actions. Click an external link on your newsfeed and they’ll make you confirm the link shown is where you want to end up.
The aim here is to make the negative effects and losses of a certain action clear to the individual, and offer a clear, safer alternative.
Sadly Facebook don’t do this with uploading drunk photos yet.
Now, I’m not advocating we all become pessimists. World economies rely on optimism.
Entrepreneurs need optimism.
Do you ever find yourself in situations wondering “how hard could it be?”.
As an amateur home-chef, I have a particularly bad habit of asking this type of question when dining out. How hard could it be to create a menu? Cook the food? Leave the customers wanting more?
I make a great Pad Thai.
In my town one particular restaurant unit has changed hands five times in as many years. Italian. Indian. Thai. Greek. Italian, again.
It’s not unusual. In some cities, the chance of restaurant failure in the first year can be as high as 90%. That is, nine out of every ten restaurants opened will fail!
Nine in ten! Who would want to open a new restaurant?
Restaurateurs know the numbers, but despite the well-documented failure rates, they often don’t think they apply to them. They might argue their concept is different to the others, their restaurant is in a better part of town, or the cuisine is seeing new popularity.
But do they really have a better chance of success than others trying the same thing?
In the majority of cases, no.
The problem is we don’t know the reason behind the facts. We don’t know a lot about others, but know a lot about ourselves.
We’re optimistic about ourselves, we’re optimistic about our kids, we’re optimistic about our families, but we’re not so optimistic about the guy sitting next to us, and we’re pessimistic about the fate of our fellow citizens and the fate of our country.
This plagues those responsible for creating public health messaging.
One in two UK people will be diagnosed with cancer in their lifetime. But despite the odds most people don’t think they’ll get cancer [1].
38 percent of cancer cases are preventable in the UK. 15 percent of that can be attributed to stopping smoking.
Yet millions of people still smoke, pouring their hard earned money into the pursuit of lowering their health outcomes.
People explain it away. They go to the gym everyday. Other smokers don’t. They don’t drink, like other smokers.
Comparative optimism, where we can’t make a direct comparison, convinces us others are more likely to suffer negative experiences than we are ourselves.
Studies around peoples perceived privacy risks, like unauthorised access to accounts and sharing of personal information, is much more likely to happen to other people [2].
Almost half of all UK businesses suffered some form of cyber security breach in 2020 [3].
Yet companies don’t think it will happen to them.
It’s why we can ignore network security risks while at the same time reading about other companies that have been breached. It’s why we think we can get by where others failed.
Optimism induced invincibility needs to be accounted for, and removed. You are no better than your peers, mostly.
Skiing. Windsurfing. Rock climbing. These are the kinds of things I love to do on holiday.
Health insurance companies don’t like me doing them. I know this because they charge me a hefty premium for coverage.
Previously I was guilty of questioning if travel insurance was worth the money.
Whilst speaking to the Swiss Mountain Rescue team one Winter, they told me just how much it cost to be evacuated via helicopter. About $100 per minute. And that’s from takeoff to landing.
Perceptions of actual risk can be clouded by optimism. I don’t go on holiday to break a leg, but the chance is pretty high.
It’s not just that we don’t think bad things can happen to us or are more likely to happen to someone else. We–all things being equal–believe that good outcomes are more probable than bad outcomes.
In one study, participants were given a list of 18 positive and 24 negative events, like getting a good job after graduation, developing a drinking problem, and so on [4].
Overall, they considered themselves 15% more likely than others to experience positive events, and 20% less likely than others to experience negative events.
People are more likely to accept risks if they feel they have some control over them.
Here we see the feeling of security diverging from the reality of security.
Controlling for this feeling is important.
We all know someone that has “seen it all”.
Experience often trumps decision making. It offers a sense of security.
But never let it cloud the actual risks, which should be assessed with an eye of experience, but also an eye of fatalism.
You are not invincible.
[1] Cancer risk statistics
[2] Optimistic bias about online privacy risks
[3] Almost half of UK businesses suffered a cyber attack in past year
[4] Unrealistic Optimism about Future Life Events
This post is a draft chapter from my new book. Pardon the typos.
We seek out or interpret information that confirms our preconceptions, avoiding things that challenge them.
This is a draft chapter from my new book; Security Gems: Using Behavioural Economics to Improve Cybersecurity (working title).
Subscribe to read new chapters as I write them.
According to the flat Earth model of the universe, the sun and the moon are the same size.
You’ll find credible looking mathematical models that argue the theory. Photographs taken from a plane showing a flat horizon. Queries about how the seas could ever exist if the earth was round.
You won’t find calculations from Eratosthenes who is credited for discovering the earth was round. Photographs taken from space of a round planet. Or mentions of gravity, which holds the water in the seas.
Or does it?
As humans we have a disposition to confirm our beliefs by exclusively searching for information that supports a hunch while excluding opposing data.
Confirmation bias isn’t limited to conspiracy theorists. It causes us to vote for politicians, investors to make poor decisions, businesses to focus on the wrong ideas, and almost certainly led you to buy this book.
During the 2008 US presidential election, Valdis Krebs analysed purchasing trends on Amazon. People who already supported Obama were the same people buying books which painted him in a positive light. People who already disliked Obama were the ones buying books painting him in a negative light. [1]
People weren’t buying books for the information. They were buying them for the confirmation.
I’m in no doubt the people buying this book have a predisposition for product psychology.
Sound like you?
I love the word “yes”.
Yes, have an extra slice of cake. Yes, you do look good today. Yes, you are the best.
Experiment after experiment has shown that people tend to ask questions that are designed to yield a “yes”.
This is also known as congruence heuristic [2].
Google search histories are a good demonstration of the affirmative questions we all love to ask.
“Are cats better than dogs?”
We prime Google that cats are indeed better than dogs. Google hears we have a preference for cats. Google plays ball, listing sites detailing reasons why cats are better than dogs.
“Are dogs better than cats?”
The same question phrased differently produces entirely different results. Now dogs are better.
“Which is better; cats or dogs?”
Or;
“What is the best pet for [my situation]?”.
Would have been better questions. Obviously the answer is always dogs.
Affirmative approaches to reasoning are common in security.
Analysts enter an investigation digging for an answer they really want. They are worried about their manager pulling them up because they’ve not found anything juicy. The CISO needs their shiny dashboard showing number of threats detected.
Teams lose sight of the bigger picture.
Such an approach creates blindspots because people are looking for what they know, instead of considering other possibilities, the negative test cases.
I hate the word “No”.
No, you can’t have an extra slice of cake. No, you don’t look good today. No, you are not the best.
It’s hard to accept something that conflicts with what we believe. So-much-so our brains have developed a coping mechanism of sorts.
Imagine you’ve spent years of research into a particular area of study.
Late nights in the lab trying to uncover evidence to support you hypothesis. Weekends spent fretting over calculations. Months lost scouring obscure libraries.
All to prove the world is flat.
So much knowledge makes it easy to explain away a “no”.
A picture of earth from space.
That’s Hollywood magic at work.
Tides.
Well, “Isaac Newton is said to have considered the tides to be the least satisfactory part of his theory of gravitation”. “Duh!”. [3]
People tend to not change their beliefs on complex issues even after being provided with research because of the way they interpret the evidence.
Capital punishment is another polarising issue, but one that also draws on our moral compass.
In one experiment, a mix of participants who were either in support of, or against capital punishment were shown the same two studies on the subject.
After reading the detailed descriptions of the studies, participants still held their initial beliefs and supported their reasoning by providing “confirming” evidence from the studies and rejecting any contradictory evidence, or considering it inferior to the “confirming” evidence. [4]
We can all be guilty of trying to explain aways why things that don’t conform to what we believe.
“Well, that could never happen. Our firewall will block that type of thing”.
And we’re a stubborn bunch.
I’ve had some silly arguments in my time. Backing down in the heat of an argument with a partner can be hard at the time, but laughable an hour later.
Politics is a similarly laughable pursuit.
Many people hold an allegiance to the same political party their whole life.
Democrats questioned why people still voted Republican when Trump was on the card, despite of all the evidence questioning the reality of his claims to “Make America Great Again”.
Evidence might hold a strong position in the court of law. In the court of public opinions it’s not so strong.
In fact, not only is it not so strong, it can work against our reasoning! People’s preexisting beliefs are not only explained away when challenged by contradictory evidence, they have been shown to actually get stronger! [5]
All is not lost though.
Whilst one piece of disconfirming evidence does not result in a change in people’s views, it has been shown a constant flow of credible refutations can correct misinformation and misconceptions.
Think about how you disseminate your research.
Before forensic science became an integral part of the criminal justice system, eyewitness accounts were the basis of a prosecutor’s case.
The problem is our memory just isn’t particularly good. We remember some things and forget others. It tries to link memories together for easier recall, often falling victim to confirmation bias, amongst others in the process.
“Was the car speeding or not speeding, ma’am?”.
“Yes, officer. I heard the engine revving loudly.”
Confirmation bias influences eyewitnesses to make non-factual assumptions.
A revving engine might be linked to speeding in one mind. A mechanic might recognise this as a badly tuned engine, completely unrelated to speed.
Hundreds of wrongful convictions have been overturned in recent years as a result of cases bought solely on eyewitness accounts for this very reason.
The future is strongly influenced by memories of experiences in our past. It’s a fundamental to becoming the best.
Which is great if you’re trying to perfect a free kick into the top corner, but often falls short in many other areas. Like reading the resumes of job applicants.
Oxford University; advance to interview. Likes cats; nope.
In one scenario, individuals were asked to read a woman’s profile detailing her extroverted and introverted skills. Half were asked to assess her for either a job of a librarian or salesperson.
Those assessing her as a salesperson better recalled extroverted traits while the other group recalled more examples of introversion [6]. Their memories told them the best sales were extroverted and vice-versa.
Before long your team talks the same, thinks the same, and dresses the same. They thrive of validating their same outlook on the world.
To quote Eminem; “Would the Real Slim Shady please stand up?”.
Management consultants love to hark on about the benefits of seeing things from a different perspective. And they’re right.
Sometimes a breath of fresh air can give you a new take on security strategy.
Try to prove yourself wrong.
[1] New Political Patterns
[2] Heuristics and Biases in Diagnostic Reasoning (Baron, 2000)
[3] Earth Not a Globe
[4] Biased assimilation and attitude polarization: The effects of prior theories on subsequently considered evidence (Lord, Ross, & Lepper, 1979)
[5] The Backfire Effect
[6] Testing hypotheses about other people: The use of historical knowledge (Snyder, M., & Cantor, N.,1979)
This post is a draft chapter from my new book. Pardon the typos.
We remember things that stand out in the crowd. But different doesn’t necessarily mean it’s important.
This is a draft chapter from my new book; Security Gems: Using Behavioural Economics to Improve Cybersecurity (working title).
Subscribe to read new chapters as I write them.
To “stand out like a sore thumb” implies that something is noticed because it is very different from the things around it.
I’m often guilty of being the sore thumb. Dressed in shorts mid-winter, whilst those around are being warmed by five layers of clothing.
One of the factors behinds EasyJet’s success, arguably the pioneer of the low-cost flight, was to stick out like a sore thumb. The companies early advertising consisted of little more than the airline’s telephone booking number painted in bright orange on the side of its aircraft.
“Have you heard of that orange airline?”, people would ask.
Have you ever highlighted information in a book? Then you too have used this effect to your advantage.
Psychologists have studied why our attention is usually captured by salient, novel, surprising, or distinctive stimuli. Probably using highlighter during their research.
Product designers understand our fascination with things that stand out and will spend hours perfecting the size, colour and shape of something to grab your attention, directing you on the path they want you to take.
Good products guide users to the important features and functions by making them stand out.
The big red flashing bell indicating a security alert should be distinctive, drawing attention and making it very clear that it needs to be looked at.
Being able to draw attention to something in the age of information overload is vital.
An email received from a friend or family member sticks out amid a sea of unfamiliar names.
A letter where the address is handwritten stands out, allowing me to easily filter boring correspondence from correspondence I will enjoy reading.
“YOU’VE WON A PRIZE”
“YOUR ACCOUNT HAS BEEN COMPROMISED”
These email subject lines have a similar effect.
Not only is someone shouting at you, they’re also warning you of a potentially serious event that arouses a sense of urgency.
It’s not your everyday (or hourly); “Sally has liked your photos taken in 2003 on Facebook” email. It’s serious.
In phishing school [2], you’ll find classes titled: How to grab a victims attention.
Successfully grabbing the attention of someone browsing their inbox is the first part of a successful campaign. You should expect the attackers to have aced that class.
Digging deeper into the email inbox, or not as the case may be, it’s clear our brains weren’t designed to deal with mountains of spam.
So called alert fatigue highlights this weakness. People stop noticing alerts, emails, texts, and [INSERT LATEST COOL MESSAGING SERVICE HERE] because there are simply too many.
People become desensitised to similar things being shown to them every day.
I once sat with a client who somewhat proudly proclaimed the “Alerts” folder in his inbox stood at 10,000 unread emails. That was nothing he assured me, his colleagues folder clocked closer to six digits!
You don’t want to foster this culture.
When my fire alarm sounds, my heart rate accelerates as adrenaline is pumped into my blood stream. The noise that stands out. It’s important. It immediately draws all my attention. Yes, even from an oh so cute cat video.
Security alerting needs to have the same effect. To point you to real fires. To prioritise what is most important. Missing critical alerts, emails, texts, or warnings of actual fires does not typically end well.
The ability to recognise and remember things that stand out has long proved advantageous to our species.
As hunter gatherers being able to determine something that stood out was vital in finding food and avoiding becoming food.
Evolution has long realised standing out is a disadvantage.
Chameleons.
The Artic Hare is another great example of the evolutionary importance of blending in.
In the winter their bright white coats hide them from predators amongst a backdrop of snow. In spring, the hare’s colours change to blue-gray in approximation of local rocks and vegetation.
Humans are no different.
Go to a club on a Saturday night and watch the herds of men and women dressed head to toe in clubbing uniforms.
During my college years flannel shirts were the “in-thing”. One night I bumped into 3 other guys, who all had a great taste in fashion I will add, all wearing the same shirt.
Militaries around the world understand the importance of camouflage. Soldiers don’t want to stand out. It’s a matter of life and death on the battlefield.
Neither do criminals.
Actors know downloading terabytes of data in a short period of time will stand out. Instead they slowly exfiltrate data over months patterns don’t stand out.
Malware is designed to act like a user, disguising itself as a normal process on an endpoint.
Yet so much of cyber security is focused on identifying the anomalies.
Sure, anomalies are important. It’s why so many vendors consistently demo that there product proudly detected “3 failed logons, from 3 different locations, in 3 seconds, for 1 account”.
However, the things that stick out, in a world where the bad guys are doing everything they can to stay anonymous, are only part of the story.
In the early days of map making it took a lot of time to produce a map.
Companies had to hire someone to go out and walk every street.
Needless to say, plagiarism plagued the pre-computerised map making industry.
In the 1930’s, General Drafting, a map making company, came up with an ingenious idea. In their map of New York State they included a copyright trap; a fictitious place, Agloe [3].
Fast forward a few years and the company spotted Agloe detailed on a map produced by one of their fiercest competitors, Rand McNally.
Such was the problem, Agloe continued to appear on a number of maps up until the 1990s. I can imagine the disappointed faces of day-trippers, and the ensuing arguments about wrong turns.
These traps have come to be affectionately known as Mountweazels [4]: a bogus entry deliberately inserted in a reference work. Prizes for anyone who spots the one in this book.
Like Mountweazels, honeypots are similar traps used in computer networks.
A honeypot mimics a system that may be attractive to an attacker, but would only ever be accessed by someone snooping around.
Like a motion activated light illuminates intruders attracted by the shiny objects in your house, honeypots illuminates attackers attracted by the shiny potential they offer.
If you want people to remember something, make it stand out.
[1] Salience, Attention, and Attribution: Top of the Head Phenomena (Taylor & Fiske, 1978)
[2] Completely fictitious.
[3] Agloe, New York (Wikipedia)
[4] Fictitious entry (Wikipedia)
This post is a draft chapter from my new book. Pardon the typos.
