Security People are Scaremongerers

Here is yet another article pleading with you to do something:

The article paints a dark picture. The Sony hack was unique in that the hackers actually deleted files and left employees unable to work at the office for a little while, although nothing appreciable happened to the Sony stock price.


What about this article on the psychology of security:

Let’s move straight to near the bottom of the Schneier article (first the bullet points):

{Here’s an experiment that illustrates a particular pair of heuristics. Subjects were divided into two groups. One group was given the choice of these two alternatives:

  • Alternative A: A sure gain of $500.
  • Alternative B: A 50% chance of gaining $1,000.

The other group was given the choice of:

  • Alternative C: A sure loss of $500.
  • Alternative D: A 50% chance of losing $1,000.

Traditional economics is based on something called “utility theory,” which predicts that people make trade-offs based on a straightforward calculation of relative gains and losses. Alternatives A and B have the same expected utility: +$500. And alternatives C and D have the same expected utility: -$500. Utility theory predicts that people choose alternatives A and C with the same probability and alternatives B and D with the same probability. Basically, some people prefer sure things and others prefer to take chances. The fact that one is gains and the other is losses doesn’t affect the mathematics, and therefore shouldn’t affect the results.}


I recommend that you answer the two choice questions yourself.

Now let’s see what the population as a whole does:

{in general, most people will reject an even-chance gamble (50% of winning, and 50% of losing) unless the possible win is at least twice the size of the possible loss}

But here is why I point this article out:

{Yet most people (72%) choose A over B, and most people (78%) choose D over C. People make very different trade-offs if something is presented as a gain than if something is presented as a loss.

but when considering security losses, they’re more likely to risk a larger loss than accept the certainty of a small one.}

My question would be: what amount of money should you really spend on security to safeguard your company?

So are you in the same boat? Do you still believe you will lose nothing, and that therefore you should not spend any more money on security?

Of course, guessing your chances of a breach is always just that: a guess. You may still need some educating if you believe there is a possibility of no one hacking you.

In my estimation this is the current situation (Bruce wrote that article about the psychology of security many years ago, around 2005).

Just as the director of the FBI says: “There are only two types of companies: those that have been hacked, and those that will be.” Notice there is no chance of you “NOT” being hacked. Why is that?

The problem is that most CEOs hold the misconception that there is still a chance of not being hacked. When I talk to people I hear the skepticism: it will not happen to me, or, if I do get hacked, nothing substantial will happen. “I have nothing for the hackers to use, since I don’t bank online.” I have heard many excuses over the years.

The problem is that in 2015 the game has changed. ALL computers ARE SUSCEPTIBLE TO BEING HACKED. There are no exceptions.

None. So the actual question is the following:

When will your computer be hacked and how bad will it be?

If you get hit by Cryptolocker ransomware you will lose access to your files, even if they are in the “cloud”. So are ALL (some or any) of your files worth anything? Be ready for the day that you may lose access to them. And I hope the backup you have is designed with a ransomware attack in mind. Ransomware is big business, and these criminal organizations are out trying to get into your computer right now.

So what will it be? Will you spend a modicum of money to safeguard your systems, or at least build a better defense?

We at Oversitesentry are dedicated to keeping you as safe as possible using the latest techniques, just like a hacker would, except that we protect you by pointing out flaws instead of breaking in and stealing or encrypting your files.
