Leeds (UK) - Even what we perceive to be foolproof IT systems will never be able to safeguard sensitive information, according to researchers from the University of Leeds. The "human autopilot" gets the blame.
The results of this study surely won't make you feel more comfortable about all your personal data that is stored in countless data centers around the world. According to the results of study conducted by the University of Leeds, you have to worry about corporations and organizations keeping your social security number, credit card numbers, addresses, credit scores and other sensitive data safe. A 100% safeguard for this information is not possible, the researchers claim.
"No matter what steps an organization takes, they will always run the risk of being compromised by human psychology and the way we perceive risk on a day-to-day basis," said Gerard Hodgkinson, director of the Centre for Organisational Strategy, Learning and Change (COSLAC). "Our research shows that organizations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life," he said.
That "autopilot" refers to our tendency to simplify the characteristics of our environment, Hodgkinson said. "If we considered and analyzed the risks involved in every permutation of every situation, we'd never get anything done! If I make a cup of tea, I don't stop to weigh up the probability of spilling boiling water on myself or choking on the drink."
These conclusions came after Hodgkinson's group had surveyed 112 people who "regularly used IT systems in the course of their work" about their opinions on possible data security risks and the probability, underlying causes and likely consequences of the most commonly described scenarios.
Robert Coles, one of the authors of the report, said that "the results showed that when asked to focus on potential problems, employees seemingly exhibit a highly sophisticated perception and categorization of risk, and insight as to the consequences of risky scenarios. However, this perception isn't always translated into practice and elementary errors are still happening - and will continue to happen."
However, the researchers believe that their findings can help companies to find "blind spots" in what workers perceive as risk and probability, which ultimately could improve data security. Also, Coles noted that security processes need to be revised in general: "Perhaps organizations should consider involving the potential users when developing crucial business processes."
"A well-designed system should not allow these mistakes to be made. We need more triggers and mechanisms in the workplace that make us stop and think before we act," he said. But even then, a 100% safeguard guarantee will not be possible.
The complete findings of teh report are published in the February issue of the journal Risk Analysis.
