“Say ‘Ta,’” said Mamma Bear.

“Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident.

“What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!”

Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face was angry, disappointed. He was panicking about some purple stuff on the carpet. It didn’t make sense, and so Baby Bear could do only one thing. He swallowed the feeling as something he did, he was, and he ‘caused.’

This was shame. This was a bad feeling in the truest sense of the word. It was horrid.

In transactional analysis, this is known as an injunction. A message swallowed whole without question. In psychology, this becomes a knowing of oneself akin to an autobiographical memory recalled in an area of the brain that is now known to be called the Default Mode Network (DMN). What we also know is that this feeling is elicited from the lower regions of the brain when the salient cause is similar to the event described above. If it feels like “I did that, I messed up,” it’s followed by SHAME. 

Shame and Cybersecurity

So, what does this have to do with cybersecurity? Why would this piece of knowledge be helpful to a manager, mentor, staff, and anyone else working around information security, governance, and protection? And of course, as the reader of this, I suspect you are putting key concepts together from the above about the end users that you work with, need to educate, and of course spend time with on the shop floor.

Shame is a key driver in cybersecurity attacks, and it’s also a key driver in the conversations (Read more...)