Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Tamir Hardof
Tamir Hardof
Connect Directly
E-Mail vvv

Find Your Framework: Thinking Fast and Slow

Economist Daniel Kahneman's classic book has lessons for those in security, especially now.

In his groundbreaking book, Thinking Fast and Slow, Nobel Prize-winning economist Daniel Kahneman lays out the conflict in our minds between "the impulsive, automatic, intuitive, or System 1, and the thoughtful, deliberate, calculating System 2. As they play off against each other, their interactions determine how we think, make judgments, and act." This book summarizes years of his research into behavioral economics and demonstrates how these two thought systems can have the same inputs yet arrive at different results.

I've been thinking about this book as I talk to my colleagues in cybersecurity. Everyone is in a mad rush. The pressure is on to make changes. The new reality of having a completely remote workforce is putting immediate and acute strains on the current way of doing business. From access to endpoints, firewalls to services, enterprise operations weren't designed for this. At the same time, malicious actors are living down to their reputation and taking advantage. According to the FBI, attacks are already up.

What does "thinking fast and slow" mean in this context? For business leaders, it means that we need to be deliberate but decisive. We need to think about dependencies and implications before acting. Often, the best decision isn't the one that gets you to a destination the fastest but one that gets you there at a reasonable amount of time with a minimum amount of risk.

There are many lessons in Kahneman's book that security leaders can use to avoid enabling malicious actors at the same time as employees.

Framing: For Kahneman, framing is all about how you present information. In the book, the author conducts an experiment in which the subjects were asked whether they would opt for surgery if the "survival" rate is 90%, while others were told that the mortality rate is 10%. Same situation, but vastly different results because of the presentation. How a security leader sets goals; quantifies results, objectives, and expectations; and presents his or her options and recommendations is the first measure of success. This is especially important at a time of massive change, when board interest is at its apex and broad organizational support is required.

Sunk costs: According to Kahneman, people tend to "throw good money after bad" in part to avoid feelings of regret. In business, this results in investing in bad projects solely because they've already been invested in. Is it more emotional, a fear of regret, or fear of being exposed to their colleagues for failure, for needing to take a new approach? Are these decisions being made, or not made, for the right reasons?

Overconfidence: If something is familiar to us, we tend to have undue confidence in what the mind believes it knows. The lesson for security leaders is that doing things as they've always been done, just bigger or faster, isn't always the best answer.

Choices: We tend to address problems in isolation. Kahneman's research shows that "when other reference points are considered, the choice of that reference point (called a frame) has a disproportionate impact on the outcome." What does that mean for the security choices we are making or not making? These decisions have so many dependencies and implications that making decisions about perimeter security, or access solutions, or firewall policy in isolation can have far-reaching negative consequences.

We all feel the pressure to act, to be an agent of change, and come through for the organization during this incredibly difficult time. Kahneman, a behavioral economist, would tell us to take emotion out of our decision-making. Easier said than done — that's why it takes work! Despite having nothing to do with our day jobs, Thinking Fast and Slow can provide a framework for better decision-making and, when we need it most, protect us from our own worst impulses.

I'd be interested to hear if there are any books that you've found yourselves thinking about in recent weeks. If so, let me know what it was and why in the comments. Thanks for reading.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

Tamir Hardof is Chief Marketing Officer at Axis Security. Tamir is responsible for leading all marketing activities for the company. Prior to joining Axis Security, Tamir was Vice President of Marketing at Kenna Security where he led all corporate, partner, and product ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/11/2020 | 6:07:03 PM
Economic Growth Strategy 2020
Nice article Tamir it helps a lot and provide the overview on making new action plans and its implementation, I request you to review my blogs on economic growth on https://www.getbestbusinesscoach.com/
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...