www.AmericanSecurityToday.com September 2020 - Edition
When faced with uncertainty while trying to make a decision, people often rely on
a mental shortcut known as the representativeness bias. . While this shortcut can
speed up the decision-making process, it can also lead to poor choices and stereo-
types.
Another challenge for cybersecurity
professionals is identifying
user characteristics that pose
the greatest risk to an organization’s
information system.
Grouping people together
based on specific characteristics
or attributes can be both
convenient and effective, but it
also introduces the risk of representativeness
bias (also known
as representativeness heuristic).
Representativeness bias occurs
when we erroneously group
people (or other things) together
based on qualities that are
considered normal or typical
for that group.
For instance, if you made the
statement, “older people are
riskier users because they are
less technologically savvy than
their younger counterparts” you
would likely observe affirmative
nods from around the room.
However, when we take a closer
look at the numbers in current
research, we find that younger
people are actually far more
likely to share passwords and
they often reuse the same ones
across domains.
51