Why we're so reckless with our cyber security when we know of all the risks

Find out what goes on in people's minds that makes them feel indifferent about their online safety (and what can be done to combat this mindset).

It’s a slow and wildly unexhilarating Tuesday night for Amber, who sits slouched in the university common room, chipping away at her second law essay of the semester. That’s until she opens her direct messages to a flood of desperate middle-aged men, all vying for her attention.

Amber - at least, that’s what she calls herself online - is flattered by one corny pick-up line after another from people she can only hope are men, whose profiles display airbrushed headshots and shirtless selfies to entice prospective sugar babies. The site is called SeekingArrangement and it allows users like Realguy1 and RespectfullyDominant to connect with young and beautiful women - just like Amber. Her face lights up at the sound of each ping as she sits on the edge of her chair, eagerly awaiting the next probe for private information.

Amber uses a fake name for the sake of protecting her identity online, but sharing her location, phone number, personal photos and usernames to other social accounts hasn’t seemed to faze her. Not only is she giving her information away to people she’s never met, her details are being stored in databases that aren’t necessarily secure. What these people and systems will do with Amber’s information, no one can be sure.

It’s not just on dubious sites that people are cavalier with their personal details; our behaviour is often the same when it comes to banking, gaming, e-commerce and media accounts too. As we all spend more time inhabiting digital spaces, we are putting ourselves at risk of becoming vulnerable targets for cybercriminals to exploit through phishing, hacking, catfishing and a whole lot more. The thing is, most of us are aware of these online threats and the consequences they pose, yet our online behaviour doesn’t always reflect this.

There is a very real discrepancy emerging between people’s awareness of cyber-related threats and their online actions - something we’ll call digital dissonance. People are oversharing personal information on public platforms like social media and others are using the same weak password for every account they have. We all know this is bad, so why are we doing it?

Dismissing online protection, but at what cost?

If you’re reading this, sinking in your seat because you know it’s been a while since you last updated your online security, you’re not alone. In fact, LastPass’ latest Psychology of Passwords report revealed that 80% of people agree that having their passwords compromised is something they’re concerned about, yet 48% say if it’s not required, they never change their password.

“I’m that kind of person who has one password for everything,” Amber admits very casually, as if sharing a common apathy towards online security provides her with a kind of comfort or reassurance. “It seems to work for pretty much any account and if it doesn’t, I just add an exclamation mark.”

This is an attitude Brett Lee is more than familiar with. A member of the Queensland Police Service for 22 years, Lee has concerns about people’s vulnerability to cybercrime as they commit more of themselves to the internet. “We’re not yet at the stage where people truly realise the value of their identity when it comes to technology,” he says. “I can tell someone the internet is public and they go ‘oh yeah I know that’ and then they make a choice as though it’s private.” This behaviour - just like Amber’s - is quintessential to the phenomenon of digital dissonance, where we know that cyber threats are real and pervasive, but we act as if they aren’t. The question is, why?

Understanding digital dissonance

The reasoning behind people’s decisions to prioritise or dismiss online security is complex and can be multi-faceted, but it often boils down to one thing: human nature.

“There is so much evidence to illustrate why we shouldn’t do certain things as humans, but people still actively choose to do them,” says Cathie Reid, who believes that it’s in our nature to act in counterproductive ways despite having the knowledge that, in theory, should deter us from doing so.

Reid is the deputy chair of a new industry advisory committee for cyber security that the Australian government formed in the face of surging cybercrime and people’s apparent indifference towards it.

Through her work in healthcare provision as co-founder of the leading cancer care provider, Icon Group, Reid sees a trend of counterintuitive behaviour in both patients and people who engage online. “The evidence there is about smoking and the impact it has on your health is unequivocal, but people still smoke. Everybody knows it’s not a good choice and there is a high likelihood of negative consequences, but people still do it,” Reid says, explaining that the case is much the same with people who overshare online or disregard the importance of using strong passwords. Here, digital dissonance exists because people are aware of the risks that entering the digital space pose, yet they are innately inclined to make those potentially risky decisions anyway.

Lee also agrees that human nature - and the nature of technology - contributes to people’s dissonance with education and action in the digital space. “The online environment is one where it’s very easy for others to take advantage of human nature,” he says, arguing that the inborn concept of ‘seeing is believing’ causes us to fixate on things that are brought to our immediate attention. “On the internet we only get to see what’s on our screen and, generally, that’s what someone else has put there, so that can manipulate our perceptions very effectively.”

As a detective, Lee spent five years undercover hunting down child-exploiting online predators, so he has come to recognise that “...the internet is very good at encouraging good people to make bad choices.” Particularly for young people who are vulnerable and becoming more susceptible to cybercrime, the online world can provide a false sense of safety and security, which Lee believes can encourage even those who are educated to make poor choices. “Many people would probably never have made a poor choice on the internet if not for its illusionary effect regarding privacy, lack of permanency and sense of anonymity,” he says.

Empowering people to make the right choices

Experts are acknowledging that it’s in our nature to sometimes engage in counterintuitive activity online, so they are rethinking how they empower people to make the right choices when it comes to technology.

Having now dedicated his career to training and speaking to schools and organisations on the topic of cyber safety, Lee is a firm believer in the power of education. From thinking twice about what we share online to ensuring we use strong, varied passwords, he thinks it’s crucial that we know it all. “It’s very hard to quantify but if we didn’t have education relating to safe internet use and making people aware of what their responsibilities are online, I think we would see far more cyber-related problems in our community,” he says.

But while education may be critical, it hasn’t deterred all who receive it from engaging in dangerous online behaviour. “The more educated you are, hopefully the better you are at making good decisions, but it’s really not the be-all and end-all answer,” Reid says. “If it was, nobody would smoke and no one would use a password like P@55word to secure an online account.”

“Oftentimes,” Reid continues, “it takes a negative experience for you or someone close to you that’s the thing that actually drives a behavioural change.”

In Amber’s case, seeing people around her use dating apps without repercussion is only encouraging her to continue sharing more intimate information with users she doesn’t know. “Since nothing bad has happened to any of my friends, I feel a lot better about putting myself out there,” Amber says.

For Reid, changing these attitudes is the first step. “If we truly want people to be vigilant when it comes to their safety online,” she says, “perhaps something we need to be more vocal about is sharing those negative experiences and telling the human story of it.”

---

Contributors:

Cathie Reid, Board Member, Cyber Security Industry Advisory Committee

Brett Lee, Founder, Internet Safe Education