02:00 PM
Tamir Hardof
Find Your Framework: Thinking Fast and Slow

Economist Daniel Kahneman's classic book has lessons for those in security, especially now.

In his groundbreaking book, Thinking Fast and Slow, Nobel Prize-winning economist Daniel Kahneman lays out the conflict in our minds between "the impulsive, automatic, intuitive, or System 1, and the thoughtful, deliberate, calculating System 2. As they play off against each other, their interactions determine how we think, make judgments, and act." This book summarizes years of his research into behavioral economics and demonstrates how these two thought systems can have the same inputs yet arrive at different results.

I've been thinking about this book as I talk to my colleagues in cybersecurity. Everyone is in a mad rush. The pressure is on to make changes. The new reality of having a completely remote workforce is putting immediate and acute strains on the current way of doing business. From access to endpoints, firewalls to services, enterprise operations weren't designed for this. At the same time, malicious actors are living down to their reputation and taking advantage. According to the FBI, attacks are already up.

What does "thinking fast and slow" mean in this context? For business leaders, it means that we need to be deliberate but decisive. We need to think about dependencies and implications before acting. Often, the best decision isn't the one that gets you to a destination the fastest but the one that gets you there in a reasonable amount of time with a minimum amount of risk.

There are many lessons in Kahneman's book that security leaders can use to enable employees without, at the same time, enabling malicious actors.

Framing: For Kahneman, framing is all about how you present information. In the book, the author describes an experiment in which some subjects were asked whether they would opt for surgery if the survival rate is 90%, while others were told that the mortality rate is 10%. Same situation, but vastly different results because of the presentation. How a security leader sets goals; quantifies results, objectives, and expectations; and presents his or her options and recommendations is the first measure of success. This is especially important at a time of massive change, when board interest is at its apex and broad organizational support is required.

Sunk costs: According to Kahneman, people tend to "throw good money after bad" in part to avoid feelings of regret. In business, this results in investing in bad projects solely because they've already been invested in. Is it more emotional, a fear of regret, or fear of being exposed to their colleagues for failure, for needing to take a new approach? Are these decisions being made, or not made, for the right reasons?

Overconfidence: If something is familiar to us, we tend to have undue confidence in what the mind believes it knows. The lesson for security leaders is that doing things as they've always been done, just bigger or faster, isn't always the best answer.

Choices: We tend to address problems in isolation. Kahneman's research shows that "when other reference points are considered, the choice of that reference point (called a frame) has a disproportionate impact on the outcome." What does that mean for the security choices we are making or not making? These decisions have so many dependencies and implications that making decisions about perimeter security, or access solutions, or firewall policy in isolation can have far-reaching negative consequences.

We all feel the pressure to act, to be an agent of change, and come through for the organization during this incredibly difficult time. Kahneman, a behavioral economist, would tell us to take emotion out of our decision-making. Easier said than done — that's why it takes work! Despite having nothing to do with our day jobs, Thinking Fast and Slow can provide a framework for better decision-making and, when we need it most, protect us from our own worst impulses.

I'd be interested to hear if there are any books that you've found yourselves thinking about in recent weeks. If so, let me know what it was and why in the comments. Thanks for reading.


Tamir Hardof is Chief Marketing Officer at Axis Security. Tamir is responsible for leading all marketing activities for the company. Prior to joining Axis Security, Tamir was Vice President of Marketing at Kenna Security where he led all corporate, partner, and product ...

User Rank: Apprentice
5/11/2020 | 6:07:03 PM
Economic Growth Strategy 2020
Nice article, Tamir. It helps a lot and provides an overview on making new action plans and their implementation. I request you to review my blogs on economic growth on https://www.getbestbusinesscoach.com/