Nudges Approaching Towards A More Secure World

Nudges: Approaching Towards A More Secure World

Updated On:

Nudges: A nudge is a theory in behavioral economics, political theory, and behavioral science that implies constructive reinforcement and overt suggestions as a means of influencing people’s behavior and decision-making.

In layman terms, whenever there is a point at which someone has to make a decision, a nudge helps to push people in a desired direction without forbidding any of the other options or changing their economic incentives. The interference has to be inexpensive and easy to evade in order to define as a nudge. Nudges do not constitute mandates.

new_releases

EternalGlue: Disarming NotPetya And Turning Into Ultimate Network Penetration Testing Tool

There are many examples of nudges which we encounter in our daily lives, some of which we notice, and others we don’t. For example, some shops will place fruit at eye level – this counts as a nudge. Conversely, banning junk food does not count as a nudge.

If you travel on the London underground, many escalators have stencil marks on them. Static ones on the right-hand side and walking ones on the left in order to nudge people to stand or walk on the correct side.

Whenever we’re disposing of rubbish, the bins are usually clearly labelled, identifying where recyclable waste should go vs landfill. There’s no actual mandate to prohibit someone from throwing all their rubbish into the landfill, but a simple nudge or reminder at the point of throwing rubbish can be surprisingly effective in getting people to spend a few seconds separating out landfill of recyclable waste.

new_releases

#Bluetooth Hacks: Is Your Cybersecurity Strategy Enough Modernized?

Security Nudges

Nudges can also work really well in security. Perhaps one of the most common and best examples is the use of a password strength meter. As someone chooses a password, the longer and more complexes it becomes, the more a bar fills up, or a sad face turns into a smiley.

Another security-related example of nudging can be as simple as putting a reminder poster about secure document disposal over an area in your office that has regular and secure paper disposal. The prompt to do the secure behavior is happening at the point of disposing of the paper and serves as a gentle nudge in the direction of security.

Recently, I saw a photo of a security conference where people were given the choice of different colored lanyards, one indicating they were open to conversation or job offers, and another which implied they wanted to be left alone.

new_releases

Why Gender Gap Diversity Is Vital For The Future Of Cybersecurity?

The Dark Side Of Nudges

Given the power of nudging, you probably won’t be too surprised to learn that there are some unscrupulous people seeking to weaponize nudges and use them against us. These weaponized nudges are called dark patterns, and they are generally used to nudge us toward whatever agenda the person or organization leveraging the nudge has as opposed to the good of the person being nudged.

A good resource which documents many of these anti-nudges are Darkpatterns.org. One particularly devious dark pattern used on mobile devices is where an advertisement makes it look like there’s a speck of dust or hair on the screen, and when you go to wipe it off with your finger, you accidentally tap the ad.

new_releases

Sector-Based Security: Bad Bots Targeting The E-Commerce Sector

Embracing Nudges And Recognizing Dark Patterns

From a security perspective, there are a few things to bear in mind when it comes to nudges. Attackers will use more dark patterns to trick users into performing behaviors that benefit the attacker. This could be something as simple as clicking on an ad, or it could be to install malware.

However, while nudging may seem to be sophisticated, they are extremely intuitive to create and setup. Similarly, it’s not too difficult to train people on how to detect dark patterns in any context, not just security.

Perhaps where nudging can be most effective is if we can build security nudges into every product. So that, rather than security being the department of no, it can become the department of a yes with a nudge towards the better answer.

, , , , , , , , , , , , , ,
Previous Post
Data Breach Response: What Do You Expect From Security Providers?
Next Post
Advanced Insiders: Defending Data Breaches And Ransomware Attacks

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed

Menu

Pin It on Pinterest