I’m reading a great book: The Science of Fear by Daniel Gardner.
I highly recommend it. It’s an analysis of how and why our fears are often irrational; we fear things that are not particularly likely, and don’t fear things we should.
In one of this early chapters, he talks about how people refused to fly in the months after 911, and drove instead. He explains even if the risk of a terrorist attack on an airplane in the post-911 era had been much higher than it was, it would still have been much safer to fly than to drive. He also points out how many people died because they drove instead of flying.
Why did that do that? Why did so many people react in such an irrational manner to what was truly a terrifying event?
Gardner explains that we have two systems of thought: System One is the unconscious, intuitive system of thought that is to some extent an artifact of our evolution. As Gardner says, it’s our gut instinct . . . the immediate response we needed when a lion showed up or we were confronted by some other visceral, physical threat when we lived in a more threatening world. System Two thought is the rational mode of thought we have evolved over the last millennia; it’s the more modern system of thought.
As Gardner explains, the people who refused to fly after 911 were giving in to System One thought. They were not assessing the situation rationally; they were reacting to the horrible images and stories they’d seen on TV and in newspapers. So from an outside observer’s perspective, what they did was irrational and foolish (not to mention self-destructive). That, he explains, doesn’t matter. From what I’ve read so far, it seems System One thought will trump System Two thought in any situation in which physical danger crops up (and maybe in others, as well . . . I’m not that far into the book.)
All of that made me think about how we – as a species – react to cyberthreats. It seems to me there’s a lot of System One thought going on when it comes to cyberthreats.
I don’t know about you, but whenever I mention to a “civilian” (i.e., to someone who isn’t a lawyer or someone who works in the cybercrime or computer security area) that my specialty is cybercrime, I almost always get the same reaction. They always talk about how horrible and frightening the online predators are. No one ever wants to talk about what I, for one, see as the more interesting, more serious concerns . . . the attacks on businesses, government agencies and other targets, the fraud and extortion, etc. No . . they want to talk about some “horrible” story they “heard” about a pedophile online.
I’ve never understood that. I’ve never understood why these people seem to find the notion of online pedophiles to be so spectacularly frightening when, as far as I can tell, a child is much more likely to be harmed in the real, physical world by someone he or she knows . . . Uncle Fred or the soccer coach or the Boy Scout leader or the neighbor, etc. That, I guess, is giving into System Two thought.
I’m still reading the book, and I’m still thinking about all this, but what I’ve read so far makes me wonder if System One thought doesn’t explain several things . . . one is the phenomenon I noted above, i.e., the focus on the army of pedophiles who are trolling the Internet to do uncertain things to unsuspecting children. I know pedophiles and perverts can stalk and harass and do other things to children in cyberspace, but I also don’t see how the “harm” they inflict rises to the level of the “harm” inflicted on children by the pedophiles they know. (I also don’t see why parents can’t take steps to minimize or eliminate the risk of online victimization, but that’s another issue.)
What I’m really wondering about is if the problem computer security people and others who try to convince people to secure they systems and generally protect themselves (and their employers) from cyberthreats face is that they’re relying on System Two thought. From what I’ve read so far, it’s pretty clear that System Two thought is dull, compared to System One thought, and is therefore less likely to motivate us to do things. We buy Brinks and ADT home security systems because we see the scary commercials on TV and read scary stories about home invasions; System One though at work.
We don’t really do much of anything to secure our computers and protect ourselves from online criminals because . . . it’s just not scary. It’s more of a cerebral threat, and while we can at some level understand those threats, they just don’t motivate us in the way home invaders and lions on the loose do. It’s an interesting notion. I’ll have to give it more thought.