iTnews
  • Home
  • News
  • Technology
  • Security

Humans not evolved for IT security

By Iain Thomson
Oct 24 2007 2:44PM

Human beings aren't evolved for security in the modern world, and particularly the IT security world, according to security guru Bruce Schneier.

Humans not evolved for IT security
He told delegates at the 2007 RSA Conference that there is a gap between the reality of security and the emotional feel of security due to the way our brains have evolved. This leads to people making bad choices.

"As a species we got really good at estimating risk in an East African village 100,000 years ago. But in 2007 London? Modern times are harder."

Our brains evolved to deal with the reality of security, but emotional aspects also have a big role, he added. There are a number of such factors that prevent people from making the right security decisions. For instance:

  • Exaggerate uncommon risks – for example, air travel is safer than cars but because car accidents are common they are seen as less risky

  • Unknown risks – The unknown is always scary

  • Personified risk – Osama Bin Laden is scarier than a faceless threat

  • Involuntary risks – We overestimate the risks of situations where we have no control, like natural disasters

  • Risks that could be controlled – The DC sniper caused a few deaths but the response was way out of proportion.


"In the technology industry we like to think we're computers, but we're not even close," he said.

"The brain is still in beta mode, it's got all sorts of patches and workarounds. It's not perfectly created, it's clearly evolved up."

Too often in the industry products appealed to people's emotions rather than addressing business facts and that was hurting the industry.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
evolvedforhumansitnotsecurity

Related Articles

  • "Scattered Spider" evolves with new ransomware and social engineering tactics "Scattered Spider" evolves with new ransomware and social engineering tactics
  • Gov to encourage vuln research, puts insurers and NFPs on notice Gov to encourage vuln research, puts insurers and NFPs on notice
  • Palo Alto Networks in talks to buy CyberArk Palo Alto Networks in talks to buy CyberArk
  • Google's Gemini CLI agent could run malicious code silently Google's Gemini CLI agent could run malicious code silently

Partner Content

AI in cybersecurity: weapon or shield?
Promoted Content AI in cybersecurity: weapon or shield?
AI Copilot: Breaking Down Silos & Securing the Future
AI Copilot: Breaking Down Silos & Securing the Future
AI and quantum computing widen the machine identity security gap
Partner Content AI and quantum computing widen the machine identity security gap
Machine identity a key priority for organisations’ security strategies: CyberArk
Partner Content Machine identity a key priority for organisations’ security strategies: CyberArk

Sponsored Whitepapers

Digital Transformation That Works in the Real World
Digital Transformation That Works in the Real World
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Transforming IT for the Hybrid Era
Transforming IT for the Hybrid Era
Powering secure AI at the Edge: What you need to know before it’s too late
Powering secure AI at the Edge: What you need to know before it’s too late
Ditch the Spreadsheets. Build a System That Grows With You.
Ditch the Spreadsheets. Build a System That Grows With You.

Events

  • Tech in Gov 2025 Tech in Gov 2025
  • Forrester's Technology & Innovation Summit APAC 2025 Forrester's Technology & Innovation Summit APAC 2025
  • Local Government Focus Day Western Australia Local Government Focus Day Western Australia
  • Digital Leadership Day Western Australia Digital Leadership Day Western Australia
  • Government Cyber Security Showcase Western Australia Government Cyber Security Showcase Western Australia
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Gov to encourage vuln research, puts insurers and NFPs on notice

Gov to encourage vuln research, puts insurers and NFPs on notice
Palo Alto Networks in talks to buy CyberArk

Palo Alto Networks in talks to buy CyberArk
Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Microsoft knew of SharePoint security flaw in May, initial patch ineffective
Allianz Life says majority of US customers' data stolen in hack

Allianz Life says majority of US customers' data stolen in hack
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.