Cyber Complacency and the Normalization of Deviance
The concept of normalized deviance was first coined by sociologist Diane Vaughan in her analysis of the systemic failures which ultimately led to the 1986 space shuttle Challenger disaster:
“Social normalization of deviance means that people within the organization become so accustomed to a deviant behavior that they don’t consider it as deviant, despite the act they far exceed their own rules for the elementary safety”
But what does this have to do with practicing good cyber hygiene?
Like NASA in the mid-1980’s, we seem to be increasing “the bounds of acceptable risk” when it comes to our own personal cybersecurity. Every time we knowingly engage in high-risk behavior online we continue to normalize the deviance of cyber complacency.
Cybercrime is a very lucrative business, and the barriers to entry continue to decline. As seemingly nonstop stories of high profile cyber-attacks continue to make headlines, risk averse businesses have taken notice and have begun to implement mandatory cyber awareness training and have increased their budgets for more sophisticated technological defenses. The more these efforts begin to tip the scale in the enterprise, for attackers pursuing the path of least resistance, cyber complacent individuals will continue to become increasingly attractive targets.
Cybersecurity is a shared responsibility, and it requires a cultural shift to adopt the necessary attitudes, practices, and tools to become harder targets for cyber criminals. What large organizations are already doing at a macro level is now necessary at the micro level. Talk to your friends and family about managing the risks associated with their digital footprints. Encourage a culture of “if you see something, say something.” Be wary of engaging in digital relationships (social media, online banking, allowing devices onto your home networks, etc.) with individuals or organizations who have proven track records of cyber complacency.
The U.S. Department of Homeland Security created the “Stop. Think. Connect.” Campaign to provide audience-specific resources for facilitating such discussions.
