Why Humans Suck at Calculating Risk and How It Affects Security - Masha Sedova

Explore the psychological factors behind human risk calculation and their impact on security decision-making in this 24-minute conference talk from LevelUp 0x03. Delve into risk biases such as near-misses and loss aversion, examining how they influence vulnerability introduction and delayed remediation in organizations. Analyze real-world examples, including the Columbia Space Shuttle disaster and Mars Rover simulation, to understand the consequences of flawed risk assessment. Learn effective strategies for using fear messaging and addressing perceived threats to improve cybersecurity postures. Gain valuable insights into human behavior and risk perception to enhance organizational security practices and decision-making processes.

Intro
Knowing is not enough
Superiority Bias: It Won't Happen to Me
Near-Miss Bias: Columbia Space Shuttle
Near-Miss Bias: Mars Rover Simulation
Near-Miss Bias: Evacuation
Does Fear Lead To Attitude Change?
How To Use Fear Messaging Effectively
Perceived Threats
Intentional
Immoral
Imminent
Instantaneous
Takeaways