SecTor: Retaking Surrendered Ground, Making Better Decisions to Fight Cyber-crime

VIDEO: Chris Pogue, CISO of Nuix, explains why cognitive bias in humans might be impacting cyber-security and what can be done to improve outcomes.

TORONTO--There is a reason why cyber-security efforts often fail, and it might well have to do with how the human brain is wired, according to Chris Pogue, chief information security officer at Nuix.

Pogue delivered a keynote address at the SecTor security conference here on Oct. 19, providing his recommendations on how to make better decisions to fight cyber-crime. In a video interview with eWEEK, Pogue provides some additional insight into why humans don't always make the right decisions.

"Cognitive biases are things that are glitches in our human brain software that prevent us from making rational decisions," he said.

Pogue sees a direct connection between certain cognitive biases and cyber-security. Parkinson's Law of Triviality, also known as "bikeshedding," is one such bias that can have a security impact. Pogue explained that with bikeshedding, if an individual can't understand something because it is too complex, the human brain will instead latch onto something less complex that it can understand.

In the cyber-security context, Pogue said that executives understand the concepts of SIEM (Security Information and Event Management), antivirus and firewalls, since they are all relatively simple solutions. Those technologies, however, aren't actually enough to protect against modern threats. Pogue advocates more advanced techniques for defense and the use of counter-measures.

The use of more advanced security technologies and approaches is more complicated for an executive to acquire as well, since it's not as easy as simply buying a piece of hardware and then plugging it into an organization.

Compliance, technology and people all play a role in helping an organization to stay secure, according to Pogue. Humans have to understand what the compliance and legal requirements are for security and privacy. Technology should be used to help organizations deploy and run security policies.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.