Why Cyber Attacks Happen: Five Hazardous Attitudes


Why Cyber Attacks Happen: Five Hazardous Attitudes

Online attacks engineered to target people—not machines, are the leading vector for cyber-attacks. Generally, computer systems will always respond in a predictable manner: the port is either open or closed, the site or resource is either available or it is not, the credentials used are either valid or invalid. Binary options are housed and run on a computing platform known for predictability and precision. Computers do not get sleepy and they do not succumb to emotions nor do they exhibit hazardous attitudes. Cybersecurity and cryptography expert Bruce Schneier wrote nearly two decades ago, “Only amateurs attack machines; professionals target people.” Schneier was then—and continues to be—spot-on with his October 2000 observations.

Computer systems rarely make mistakes; humans make plenty. Lack of knowledge, understanding, or training, coupled with fatigue or incorrectly reading/skimming information, can cause a problem when a person is presented with a phishing email, for example. Human error can happen in the air, too, which is why “five hazardous attitudes” have been codified by the FAA:

  • Anti-authority: “Don’t tell me.”
  • Impulsivity: “Do it quickly.”
  • Invulnerability: “It won’t happen to me.”
  • Macho: “I can do it.”
  • Resignation: “What’s the use?”

These attitudes greatly increase risk and can be found not only in the cockpit, but also in the datacenter or in any department of an organization (C-suite included!) when presented with a phishing email after a long day or a long week of work. The antidotes to the hazardous attitudes are, per the FAA:

  • Anti-authority: Follow the rules. They are usually right.
  • Impulsivity: Not so fast. Think first.
  • Invulnerability: It could happen to me.
  • Macho: Taking chances is foolish.
  • Resignation: I’m not helpless. I can make a difference.

Professional cyber-attacks target people—that is the bottom line. Any one of the five hazardous attitudes can be visualized as someone’s finger rests above the mouse button before they click and unknowingly release the elements for a cyber-attack on their organization. This is where BizzSecure can help: our awareness of rules, regulations, procedures, and best practices can help your organization withstand cyber-attacks. Imagine: if your organization were compliant with a framework or a set of frameworks, had the right sets of eyes on firewall rules and security policies, and had the proper company-wide training to recognize out-of-band vectors used by attackers, staff would respond with predictability and precision. Please reach out to BizzSecure using the chat box in the bottom right-hand corner and we’ll help ensure organizational and operational success that can remedy these, and other vectors used by attackers.