Boredom and security

We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security tasks which can be, well, boring. The best example of this is reviewing logs for anomalies. Fortunately, more and more shops are using artificial intelligence to winnow down the amount of data the poor analyst has to review. But sometimes, we have give our staff boring things to do.

In some ways, the boring tasks are a rite of passage for more junior analysts. In return for slogging through the logs, we tell them that as they increase their skills, we’ll inflict this particular torture on the new guy or gal who follows them. It is important to follow through on such promises; failing to do so leads to bored analysts leaving for more interesting jobs.

Let’s face it – boredom is, well, boring.

But is boredom ALL bad?

Not according to an article titled Why boredom might not be a bad thing after all, published in the Academy of Management Discoveries journal.

In addition to providing an interesting overview on the boredom research done to date, the researchers described a series of experiments they performed to see whether boredom’s effects were all negative. Their findings were surprising:

Boredom can lead to creativity – for some people. The researchers found that people who were judged to have a high level of openness to new experiences, a need for cognition and a high level of self direction actually generated more numerous and more unique ideas when they were asked to brainstorm after performing a boring task.

Boredom is not necessarily associated with higher levels of anger or frustration. When two groups were given similar tasks with different levels of boredom, there was not much of a difference in their self reported emotional state.

This second point seems to conflict with earlier studies mentioned by the authors in which boredom can be seen as a security risk – these studies have shown that boredom can be a factor in thrill-seeking and risk-taking behaviors, violence, theft and that individuals who reported frequently feeling bored at work were much more likely to engage in sabotage. For example…

So how can we use this information as security professionals?

First, if we are going to ask our analysts to perform some less than thrilling task, consider interspersing tasks which are more creative and need them to think of new solutions to problems. You may find that they will produce more and better results when coming off a log review session or finishing analyzing strings in a piece of malware.

Second, think about how boredom in your non security people can affect security. In many cases, security problems start with mistakes – and mistakes can be provoked by boredom and distraction (at least according to this 2017 poll of users). Look around your workplace for the people with repetitive, potentially boring jobs. Maybe target them for some additional awareness messages or even talk to management about how their jobs are designed and how that could affect organizational security.

Hopefully, this piece has made you think about boredom in a more interesting way. If not, well, use your resulting boredom to come up with some kickass ideas!

*** This is a Security Bloggers Network syndicated blog from Al Berg's Paranoid Prose authored by Al Berg. Read the original post at: https://paranoidprose.blog/2020/01/02/boredom-and-security/

Recent Posts

CRM Backup Trends to Watch on World Backup Day

With World Backup Day approaching, many organizations are increasing their attention to potential security threats and blindspots in their backup…

2 hours ago

Exclusive: Waffle House Risk Index 1.0 Open For Public Comment Period

In collaboration with the WF Command Center, AZT has developed a new risk index designed to simplify communication associated with…

3 hours ago

Industrial Enterprise Operational Technology Under Threat From Cyberattacks

One in four industrial enterprises had to temporarily cease operations due to cyberattacks within the past year, suggesting operational technology…

3 hours ago

Is your roadmap prioritizing memory safe programming languages?

Cybersecurity agencies from five different national governments put out a plea in December for developers to use memory-safe programming languages.…

5 hours ago

Prioritizing Vulnerabilities: A Growing Imperative

Did a security breach just become your biggest nightmare? It’s a harsh reality for many companies. A whopping 76% of…

5 hours ago

Linux Kernel Privilege Escalation Vulnerability (CVE-2024-1086) Alert

NSFOCUS CERT has detected that details and a proof-of-concept (PoC) tool for a Linux kernel privilege escalation vulnerability CVE-2024-1086, have…

6 hours ago