
Every person reading this will be different from the next person in some way. Age, sex and cultural background are some easy ways to segment us. Or if we look to professional characteristics, the industry we operate in, the type of customer we serve or our organisational size might differentiate us.


But we’re all human. And that common thread means we share a lot of the same mental shortcuts and biases. And that shared trait is what effective hackers seek to exploit. 


That’s why this blog will look at 5 of those shortcuts. Because once we know what those ‘angles of attack’ look like, we can cut them off.


What are mental shortcuts?

Mental shortcuts (also called ‘heuristics’) are mental tools that we all use. They allow us to make decisions quickly and efficiently based on limited information. Behavioural biases are patterns of behaviour that we engage in without thinking and that can influence decision-making. Often, these are reflexive and of no real consequence (whether we stir our tea clockwise or counter-clockwise, or which shoe we put on first). But sometimes, these automatic patterns and shortcuts can lead to suboptimal choices.


Mental shortcut one: habit

This is possibly the most common and easily identified shortcut. Habits can be beneficial in terms of improving efficiency and productivity, but they can also pose a risk to cyber security if they are not appropriately managed.


For example, an employee who habitually uses weak or repeated passwords for convenience may compromise the security of their accounts and the business as a whole. A habit of clicking on links or opening attachments can lead to malware infections and other cyber threats.


Mental shortcut two: halo effect

The halo effect is a shortcut that can impact cyber security by co-opting our beliefs regarding trust and reliability. It occurs when an individual's positive qualities in one area influence judgments about their abilities or attributes in other areas, even when there is no direct correlation between the two.


For cyber security, the halo effect can lead employees to assume that certain websites or individuals are trustworthy based on their positive reputation or authority. For example, an employee may assume that an email claiming to be from a trusted source is legitimate simply because of the source's reputation, even if the content of the email raises red flags. This can occur if the trusted sender has themselves been hacked and emails are sent using their mailing address, or if a ‘lookalike’ account has been set up to mimic a trusted sender.


Mental shortcut three: recency effect

The recency effect is a mental shortcut that means that we give more weight to the most recent information received. This can impact cyber security by causing individuals to focus too heavily on the most recent cyber threats, instead of taking a comprehensive approach to security.


For example, if a company experiences a recent phishing attack, employees may become hyper-focused on avoiding similar attacks in the future. However, this may lead them to overlook other potential threats such as having vulnerable systems or insider threats. 


Mental shortcut four: authority bias

Authority bias is a mental shortcut similar to the halo effect: we tend to comply with requests from someone we perceive as being in authority. For example, an attacker may use social engineering techniques to impersonate a high-level executive or IT specialist in an email. Once that initial relationship is established, a hacker may escalate the conversation by asking an employee to provide sensitive information or to download malware. The malware is typically disguised as a legitimate request, such as a request from an IT specialist to download a software patch or update. The employee may comply due to the perceived authority of the sender, even if the request violates security protocols.


Mental shortcut five: optimism bias

Another bias is the "optimism bias", which is the tendency to overestimate the likelihood of positive outcomes and underestimate the likelihood of negative ones. This can lead employees to take risks or overlook potential security threats because they assume that everything will turn out okay in the end.


Key takeaways

This might seem like a daunting list of threats to protect against, but the truth is that it is completely possible to train employees to spot, report and defend against attacks that exploit any of these biases. Explicit instructions, examples and simulations as part of a broader security awareness training program can achieve this goal.


If you’d like a comprehensive assessment of your current security protocols and training materials or are interested in initiating cyber security training for your employees, CyberUnlocked has the experience, skills and track record with businesses like yours to help with those needs. 


