The human behaviour is the real problem with security and privacy

Other trouble for Facebook, according to the article of The New York Times: the social media would have signed agreements allowing phone and other device makers to access vast amounts of users’ personal information, without their explicit consent.

Whether it is true or not, in the era of cyber-attacks, data breaches and scandals of web giants, the dominant message is that we have to get used to accepting these events, as a part of our everyday life.

It might be the price to be paid for the increasing digitalization of our society. Sure, digital evolution is a key priority for all countries, but the growth of risks and threats for personal data cannot be neglected.

The latest international news has contributed to reinforce the notion that threats to privacy and security are inescapable. First, the Facebook-Cambridge Analytica scandal with more than 87 million data people improperly used for political goal, and obviously, without the consensus of those involved. And now, the revelation cited above.

In the meantime, Twitter also had its security problems, because of the bug found in the system that stored passwords in readable text rather than “hashed” (encrypted). A risk for more than 300 million users, invited by the social network to change their passwords. And obviously, while this news becomes viral, the data of billion people continue to be harvested by several platforms.

I think that it is more than normal that people feel powerless in front of all these events: even though one can proceed with all due caution, the problem might be caused by someone else, without one’s own intervention. It seems like the only possible thing to do is to be prepared to manage the consequences. And to be able to do it.

Information about these sensational incidents is certainly important for everyone because it increases awareness that they are all exposed to digital world risks. But there is another side of the coin. If people perceive that there is no way out of these risks, they will probably end up gradually accepting the situation: such a climate of passive acceptance, if not a resignation, can become a major risk to manage. A sort of a desensitization effect, as also discussed in an interesting article by Zayan Guedim.

This effect is able to affect people’s behaviour and it is a well-known tendency in psychology. Think of terroristic attacks news: even if they have a strong emotional impact, their frequency can reduce people’s emotional response and interest.

Sure, we cannot compare this phenomenon to security and privacy problems, but human behaviour tends to repeat certain reaction patterns.

Hence, given the lack of a complete control on one’s own private data and the news about these negative events, people could think that efforts required to manage this situation is beyond their capabilities.

Besides this, human nature has to be taken into consideration. Generally, people tend to save mental efforts and simplify their life. They are often considered as “cognitive miser” (according to social cognitive research) since they have a tendency to use simple rules (heuristic) in judgment and decision making rather than more effortful ways.

Therefore, they might wonder why putting so much effort into something so difficult to manage and check. With the consequence that they could lose interest ant get used to everything. A slippery slope.

Author: Isabella Corradini

This article originally appeared on

L’articolo The human behaviour is the real problem with security and privacy sembra essere il primo su Cybersecurity Observatory.

Leave a comment