- If your AI-generated code becomes faulty, who faces the most liability exposure?
- These discoutned earbuds deliver audio so high quality, you'll forget they're mid-range
- This Galaxy Watch is one of my top smartwatches for 2024 and it's received a huge discount
- One of my favorite Android smartwatches isn't from Google or OnePlus (and it's on sale)
- The Urgent Need for Data Minimization Standards
Cybersecurity: When Stress and Trauma ‘Get in the Way’
This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers.
Please take care of yourself when reading this and break off from reading if you feel the need to. If you do not suffer from PTSD, the following information can also be helpful, as you will certainly encounter someone with this condition in your cybersecurity career.
Once upon a Time…
Jo Bear is making dinner on time and ready for when Sam returns from work. Jo is looking at the pot of stew, worried that it’s too salty, overcooked, under-cooked or needs more vegetables. This is a difficult dinner to cook because some of the ingredients had expired, and so they couldn’t be used, but Sam asked for this, and so this is what shall be served. Fingers crossed it goes down well!
The door is opened as if a predator is hiding behind it. SLAM! Jo thinks, “Thank goodness they got rid of the dog, as that could have been a hefty vet bill again.” Jo is in the kitchen serving up the stew as Sam arrives with the door-slamming entry. The meal is going well when Sam begins to talk about work and is getting angry and taking it out with the spoon. At this point, Sam mutters something about needing more salt on the vegetables, and Jo jumps up to grab some, knocking the chair over.
Sam explodes, shouting about Jo’s “mess” and telling Joe to “watch what you are doing, you clumsy idiot.” As always, Jo is overly apologetic, and Sam cannot contain the anger. Stew is thrown everywhere! Today’s dinner ended – just like yesterday’s.
Jo goes to bed early and is fraught with the misery of why Sam exploded so quickly this evening. What needs to happen for Sam to “just have a good evening?” Why can’t Sam just “be normal” like everyone else? Sleep evades Jo, and Sam remains downstairs, drinking copiously until near-comatose on the sofa. Day-in and day-out, this pattern repeats.
Morning Has Broken
Sam is at work the next day, and upon arriving, there is a new person at the front door. Sam is skeptical about this person and does the very thing that have been taught in the cybersecurity trainings. Rather than just holding the door open for this unknown person, Sam asks “Hello. Can I help you?” The new person says, “Yes, I’m here for a job interview with Peter.” Sam replies that Peter will be notified and walks off in the direction of the shops to grab a coffee, leaving the stranger at the door.
Sam is feeling terrible after the booze and needs a pick-me-up. As Sam walks and takes a seat on a bench, facing the long line of workers heading to their place of work, the conversation on the phone with Peter turns to discussing the stressful event of the previous day.
Sam explains about the bank and the manager, Mr Christian Surname, and how the file from the important client was processed incorrectly and how Mr. Mussk sent it to the wrong account. Sam exclaims “What an idiot!!” Sam’s bench neighbor stops reading the morning newspaper and listens intently. Sam discusses how last night Jo messed up the dinner, just like Mr. Surname messed up the account, and how he’s noticed that Katy in Human Resources is also making mistakes, and the secretary keeps adding meetings to the calendar without checking anyone’s availability and how Peter needs to bring the team together for the sake of their biggest accounts, as they are losing money to the stocks of other accounts. During this rant, Peter names many of the accounts and stocks that he thinks are affecting the business.
There is an entire litany of internal dialogue that occupies Sam’s head:
“Blah, Blah, Blah! Get it all out and you’ll feel better,” says the anger, dismay, and hangover.
“You tell him, Sam,” says the inner child.
“Take it out on the boss,” says the repressed adolescent.
“I hate him,” says the disempowered part.
“Make it his fault,” says the shameful part.
“He wouldn’t let me say this in his office,” says the righteous indignant small child within.
“I got to get it off my chest,” says the exhausted worker.
“Should you really be saying this in public?” says the inner critic.
“No one here matters or knows me or the company,” says the scolded, angry, embarrassed, hurt, shamed person.
All the while, Sam is divulging some potentially damaging company information in a public location including the names of some important people in the organization, the names of important accounts and stocks, as well as the name of the person in Human Resources. All of these details could be quite valuable to anyone who may be hearing it who wants to capitalize on the information.
Meanwhile…
Jo is at home, doing the morning administrative tasks – emailing out the next set of appointments for the Psychiatric clients that will be coming to the clinic later that week.
Jo is preoccupied with the event of last night – in fact, the last few weeks and months – and is trying to work out a “plan of action” to sit down and approach Sam about their relationship. Jo is worried and anxious. While staring vacantly at the patterns in the crema in the rapidly cooling cup of coffee on the desk, an email from the bank arrives, indicating that an account requires confirmation of a direct debit that was sent last week to an unrecognized recipient. And yep… Jo clicks the link. Jo is not even thinking about whether this is true, panicked because things with Sam are already strained. Imagine if this was a direct debit that should not have been paid? That would be disastrous!!
The echoes in Jo’s head are quite different than the one’s in Sam’s head:
“Click and sort it quick,” says the fear.
“Prevent another meltdown.”
“This could be bad if I spent money without permission.”
“I will be killed if this is discovered.”
All said by the scared, terrified, abused partner.
None of these concerns matter to a cybercriminal, whose only interest is the hopes of easy exploitation of our human condition. In this case, the criminal enjoys a small victory dance, not knowing or caring about the full toll of the crime.
The Human Side of Cybersecurity
Relationships are complicated, as is life, and people behave according to what is happening to them on a minute-by-minute, hour-by-hour, and day-by-day basis. I don’t doubt in this story that Jo and Sam are cognitive, well thought-out professionals with plenty of cybersecurity awareness who are well-versed in behaviors for protecting their data and that of their clients. They both hold high positions in their work and likely have lots of integrity and work ethics.
Yet, they also have feelings, lives, and histories that make them who they are. And they both allowed a personal matter to get in the way of their integrity, values, and cybersecurity behaviors because feelings can override many of our behaviors. Our “elsewhere” thinking can infiltrate us and become a pre-occupation, tying us up in knots of our best-intentioned cybersecurity behaviors. And, of course, our past histories can result in our “shame behaviors.”
We are complicated, and behaviors are more than a nudge, training, and awareness. As professionals who are tasked with protecting an organization or just our families, let’s be more patient and kind both to ourselves and others when a cybersecurity misstep is made.
About the Author: Cath Knibbs is a tech geek, gamer (of sorts), tech/gaming therapist, and a cybertrauma and trauma psychotherapist who uses biofeedback/tech and gaming to elicit Post Traumatic Growth, healing, and flow. She is a functional health and nutrigenomics practitioner and incorporates this into her psychotherapy practice, too. Her model is Interpersonal Neurobiology with an emphasis on Polyvagal theory (not a vagal nerve ‘hacker’). Her recently published book is available for pre-order. The book focuses on the ‘why’ we do what we do in cyberspace and how to help children, young people ,and adults. She is a disruptor and advocate for children’s rights, privacy, and digital explorations online. She also educates therapists via her company Privacy4 about Data protection/privacy/cybersecurity issues in relation to their practice. Additionally, she is a Director and mental health advisor for Gamersbeatcancer CIC.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.