The Psychology of Security is a unique phenomenon:
Or a screenshost:
So how to explain the Psychology of Security in a new and simpler? way…
Let’s say we have a small business – we do not have a large payroll (a few employees), so the sales are also less than a million$, let’s put sales at half a million dollars. The margins of the business is not that large – so it takes all the efforts and energy of the owner and employees to keep things operational with all of the changes in the world.
So this means there really is not enough time or resources for new initiatives as the owner would like.
So now we have set the stage.
What about Cybersecurity? Well, the owner expects the IT department to take care of that (usually it is an employee that is good with technology- or a 3rd party consultant).
So should you pay more attention to Cybersecurity or leave the arrangement as is?
To pay more attention to Cybersecurity there has to be a reason. When the choice is looked at one has to spend more time and money on Cybersecurity to essentially not lose data and resources.
This choice is not easy to analyze for the business owner. Unless one has a natural disposition to security. The choice of spending money to lose less money is a choice 30% of people do not make.
The problem is that the criminals know this, and have developed ransomware for a few thousand dollars (programmers are cheap in east europe). It only takes 5 ransomware successes in a scatter shot of millions to get money back. One does not need a business degree to see that out of a million email campaign that costs $50-$100 where one receives $300-$500 for every successful attack.
We are going to receive more possible attack angles, not less.
The real choice is not losing a little bit of money, but losing your business. IF one does not have the IT setup just right and ransomware is successful how will you recover when you lose all your data?
It is too difficult of a burden to overcome – thus many businesses give up and reincarnate as something else or forget about it altogether.
What do you think of this new attempt at explanation? Contact us to let us know.
One thought on “Psychology of Security Part 2 or “let’s try this again””
[…] have talked about the Psychology of Security as penned by Bruce Schneier (2019 post) – where he outlines the effect of the person trying avoid spending money if it is a risk to […]