The Weakest Link in the Room, Part I

Fraud detection and analytics CSC Blogs

By Stephen Brennan, CSC Cybersecurity

In the last two decades I have seen cyber defenses revolutionized by advances in processes and technologies.

Advances that have made protecting and defending our most critical data, systems and infrastructure seem almost routine.

So when unexpected events occur and become incidents, the weakest link in the room is often not the processes or the technology, it is us, the Cyber Incident Response Team (CIRT).

When under pressure, like everyone else, we make mistakes and, in fast moving situations, we are horribly fallible. Our brains default to patterns of behavior that let us down at the crucial moment. So the question becomes this: Is there anything we can do to better prepare ourselves for those catastrophic moments — anything that can give us a fighting chance of making the right decisions and taking the right actions?

Ironically, this challenge is not unique to cyber incident response or even information technology. Medicine and emergency response teams face this challenge daily, realizing that avoiding mistakes is crucial to saving lives.

While it would be arrogant to think that CIRTs hold that kind of power, it is true that with the rapid advancement towards the Internet of Everything, our ability to successfully meet these challenges can have the same critical impact, directly or indirectly, on human life and safety.

Since I started practicing cybersecurity professionally over 20 years ago, our expectation of cyber threats, our approach to mitigating these threats and our response to failures in our strategies have changed dramatically.

Cyber events that were once fatal are now commonly survivable. But despite all this advancement, occasionally a cyber incident or breach occurs, and organizations and planners are only now starting to recognize the role human error plays and plan for it.

One of the most direct areas of study we need to be aware of is called “load theory,” a field of study within cognitive psychology that refers to the total amount of mental effort being used in the working memory. Seemingly simple tasks performed at high rates of speed force us, as humans, to concentrate extremely hard. This is especially the case when data is presented to us in a schema that is unfamiliar or incompatible with the way our mind naturally works.

Crucially, we have a finite ability to deal with complex information. When your brain is overloaded during such an exercise, its ability to monitor other attributes — even one as simple as the passage of time — is severely compromised, a state also known as “losing our situational awareness.”

Situational awareness is the perception of environmental elements with respect to time or space, the comprehension of their meaning and the projection of their status after some variable has changed, such as time or a predetermined event.

Avoiding the traps that result in the loss of situational awareness is not about being smart or about an individual’s intelligence. Instead, it is similar to understanding any complex system, in that we must understand and accept these limitations and then design strategies that will allow us to cope.

Having complete, accurate and up-to-the-minute situational awareness is essential when human decision-makers face technological and situational complexity. Maintaining that situational awareness is the foundation for all effective incident response and strengthens what was before the weakest link in the room.

In the next part of this series, I’ll explore how other industries have approached these challenges and how those approaches have been an effective part of CSC’s Incident Response and Planning program for some of the world’s most valuable companies.


Stephen Brennan leads CSC’s Global Cybersecurity Consulting practice. His approach to evaluating real world security as a business driver for organizations has led to the development of proprietary risk assessment methodologies that allow security officers and senior executives to assign a quantifiable value to security risks and initiatives supported by specific business goals, evidence and objectives.
