Cybernomics: The Economics of Cyber Security

Who's winning, the good guys or bad guys?

Bruyning Media


We dig into why security awareness fails even when the risks are obvious, and why the real challenge is human behavior rather than tools. Robert explains the “human blind spot” and how AI deepfakes and voice cloning make trust harder to manage at every level. 


• CISOs and tech executives as unsung heroes protecting modern life 
• why attackers target people instead of systems 
• the human blind spot as biology overriding digital suspicion 
• how social engineering uses trust and mental shortcuts 
• AI deepfakes and voice cloning raising the stakes for fraud 
• denial and convenience driving weak password habits 
• low adoption of unique passcodes and two-factor authentication 
• basic digital literacy questions like judging safe links 


Josh's LinkedIn

Why Security Will Not Stick

SPEAKER_00

The CISOs are working really hard, right? They're trying to get these, you know, folks on board with security. And from the top down, we always hear that security is a human problem. Uh, it's a people problem. In your view, Robert, why is it so hard to get this message to stick and to get security to acceptable levels when it comes to people?

CISOs As Unsung Everyday Heroes

AI Deepfakes And Public Confusion

The Human Blind Spot Explained

Denial And Basic Security Habits

Digital Literacy Starts With Links

SPEAKER_01

Well, first of all, let me just say, you know, in our culture, in our society, we talk about firefighters and law enforcement, teachers, nurses, first responders as being our heroes, right? And I agree with that. But you know who the unsung heroes are? The unsung heroes are the C-suite tech execs. They're the CISOs of the world. People say to me all the time, like, who's winning? The good guys or the bad guys? And I say, well, of course the good guys are winning. I mean, the bad guys want us to be living in the dirt like it's the 1800s. They want us to have no banking system, you know, running water. They want us to have no refrigeration, no gasoline in order to, you know, deliver food and refrigerate goods. Like they want us to be living in the dark, okay? The reason why you and I have the quality of life that we do today is because of those CISOs and so on, right? So the good guys are in fact winning. But the reality of it is, with AI now and deepfakes and voice cloning and everything else, we're at a point now where I'm beginning to significantly worry because the general public does not know real or fake at all. And I don't know if they ever will. But it's our job, I think, to change their mindset to get them to understand and recognize what risk actually is. The main problem is just, it's truly human biology. And that might just sound quite silly, but over the past, you know, 30-plus years of doing what I do, I've come to the conclusion that we all suffer from what I call the human blind spot. Okay? So the human blind spot basically is biology. It's the psychological instinct to trust what's familiar to us, right? Uh, it's that cognitive gap where biological trust overrides digital suspicion, leaving the door wide open for all kinds of deception, AI, deepfakes, fraud, whatever, you know? It's that biological default to trust, essentially psychological shortcuts, these heuristics the criminals use to bypass human logic.
It's been going on forever, right? Now they've just perfected it. Think of it as like biological impulse versus intellectual understanding, right? The internal conflict between our evolved survival instincts and our modern knowledge or lack of knowledge of digital risks, keeping in mind that we are what is considered an interdependent species, which means that we are dependent upon each other for our survival. Always been like that, always will be like that. We require each other to procreate. Okay. And the basis of that is that we have to trust each other. So all day, every day, the people that we come in contact with, in person, over the phone, via email, via text, we want to and need to trust that they have our best interests in mind. No one ever wants to think or believe that somebody is out there that wants to hurt them. We run away from pain and towards pleasure. And pleasure is "it can't or won't happen to me." Therefore, we function in denial. And essentially what that boils down to is we do nothing about it. When I get in front of a live audience, I ask, you know, 100 people, how many of you are using, can honestly say you're using a different passcode across all your critical accounts? If I get 15% of the room to raise their hand, that's a lot, which means 85% are using the same passcode across multiple accounts. Then the same question, how many of you are using two-factor authentication across all your critical accounts, including email? If I get 20% of the room, because usually it's a little more because it's required more often, that's a lot. So 80% aren't using two-factor authentication. These are basic, basic 101 things. And one of the most common questions I get even today is, you know, how do I know what links are okay to click when I do a Google search? Which is a very basic 101 question, but that gives you an understanding of where people are in regards to basic digital literacy.