Herd Behavior in Information Security – The Good and The Bad

Some information security professionals have expressed concerns regarding the state of the infosec industry, suggesting that many of our practices don’t work, that our interactions resemble speaking into an echo chamber, and that we spend too much time philosophizing about pointless topics. One way to make sense of what’s going on is to consider whether the industry’s dynamics resemble those of a herd—we might find that not all is bad, though there is room for worry.

A Benefit of a Herd: Increased Vigilance

In a paper on behavioral practices associated with threat detection, Eilam, Izhar and Mort highlight a survival benefit to animals that live as a herd or flock: “the larger the group, the lower the level of individual vigilance and the greater the sum of collective vigilance.” Individual animals can spend more time eating rather than watching out for predators, even though the collective as a whole is safer.

In fact, not all members of the herd are equally attentive, which is one of the advantages of this social grouping. The researchers clarified that the individuals at the perimeter of herds are more vigilant than those in the center. As the result, “higher vigilance by certain individuals enables other individuals to reduce their vigilance” among social animals.

Dare I draw a parallel to participants of the information security industry? Through on-line and in-person interactions we exhibit social herd-like characteristics. Through work, research and writing, some of us pay closer attention to threats, vulnerabilities and risks: this allows others to remain less vigilant without compromising the security of the collective. This seems like a good thing, even if some of the individuals discuss topics without immediate practical applicability.

A Downside of a Herd: Anxiety is Contagious

Eilam, Izhar and Mort point out that there is a characteristic of herds that might counterbalance the benefit of increased collective vigilance: Their research showed that vigilance, and thus anxiety, among social animals is contagious:

“Being among a group of vigilant, watchful and worried conspecifics might exert a contagious effect and, in consequence, other individuals may also become vigilant, watchful and worried.”

This is why the “echo chamber” syndrome is undesirable: By rehashing the same topics among the same groups of individuals, we are infecting each other with anxiety that might be disproportionate to the actual risks. This seems like a bad thing. To address this issue, we should probably:

  • Exercise caution when using FUD to market security
  • Try not to overestimate the repercussions of security breaches or the severity of threats
  • Avoid limiting our social interactions solely to members of the information security industry

Being part of the herd has its benefits, though it’s not foolproof. May we graze long and prosper.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He presently oversees the financial success and expansion of infosec services and SaaS products at NCR. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more