Page 18 - GS230502
Views
The very point of sale

Unlearn helplessness
By Dale S. Laszig
DSL Direct LLC

Psychologists and security analysts have used the phrase "learned helplessness" to describe how some people respond to repeated failures. Peiter Zatko, security expert, programmer and former Twitter security chief, identified cynicism and naïveté as root causes of this condition.

Zatko shared his views in Beautiful Security, an anthology edited by Mark Curphey and published in 2009 by O'Reilly Media. His chapter, "Psychological Security Traps," attributed several high-profile data breaches to habitual vendor and customer behaviors. Vendors, he noted, have been known to sacrifice product security in favor of simplicity and ease of use. Customers, on the other hand, can be overly trusting of products made by well-known brands.

"Here we have both learned helplessness on the vendor's part and naïveté on the consumer's part," Zatko wrote, characterizing the vendor's cynicism about its customer's intelligence as "learned helplessness" and the customer's confidence in a market-leading product as "naïveté."

Open and shut case

Citing a forensic investigation that exposed systemic design flaws, Zatko noted the manufacturer had designed network switches to "fail open" rather than closed, which turned a potentially intelligent network into a dumb pipe.

"Switches are designed to move packets between systems at the data-link layer," he wrote. "Failing closed, in this case, means that a device shuts down and stops functioning or otherwise ceases operation in a 'secure' fashion. This would result in data no longer passing through the system in question. Conversely, failing open implies that the system stops performing any intelligent functions and just blindly forwards all packets it receives out of all its ports."

Zatko claimed customers who buy systems from well-known vendors frequently overlook inherent vulnerabilities that may be attractive to adversaries. Vendors need to give customers a choice in how to configure their network systems, as well as the ability to separate internal domains from mainstream network traffic to improve their security posture, he stated.

Origin theories

Kendra Cherry, psychosocial rehabilitation specialist and educator, proposed that learned helplessness can begin in childhood. Her April 11, 2023, post on VeryWell Mind, "What Causes Learned Helplessness," found underperforming children who don't receive support they need from family members, teachers and caregivers exhibit a range of symptoms, such as apathy, avoidance, procrastination and poor self-esteem.

"When children need help but no one comes to their aid, they may be left feeling that nothing they do will change their situation," Cherry wrote. "Repeated experiences that bolster these feelings of helplessness and hopelessness can result in growing into adulthood ultimately feeling that there is nothing one can do to change his or her problems."

Cherry observed that children affected by learned helplessness tend to feel they have little control over their grades or performance. Indeed, psychologists and sociologists have seen people of all ages stop trying due to the belief that they are powerless to change an outcome. These feelings of helplessness and hopelessness, she noted, can lead to anxiety and depression.

Confirmation bias

Zatko urged security practitioners to avoid what he called "confirmation traps" in software testing. When testing an application, do not try to confirm it works; try instead to make it fail, he advised. This is a critical aspect of quality assurance, he added, because "internal software testing rarely re-creates the actual environments and inputs to which software will be subjected by regular end-users and hostile adversaries alike."

Adam Grant, author of Think Again, stated "I'm not biased" is his favorite type of bias; it shows up when people think they are more objective than others. "It turns out that smart people are more likely to fall into this trap," he wrote. "The brighter you are, the harder it can be to see your own limitations. Being good at thinking can make you worse at rethinking."

Cherry has also seen people unwittingly fall into the confirmation bias trap when they screen and interpret data. Her November 2022 VeryWell Mind post, "What is the Confirmation Bias?" cited the following examples:

• Selective input: Only seeking information that confirms your beliefs and ignoring or discrediting information that doesn't support them.

• Selective proof: Looking for evidence that confirms what you already think is true, rather than considering all available evidence.

• Selective beliefs: Relying on stereotypes or personal biases when assessing information.
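
The fail-open and fail-closed behaviors Zatko describes under "Open and shut case" can be made concrete with a small simulation of a switch whose failure mode is a configuration choice. This is an added example, not from the article or from Beautiful Security; ToySwitch, FailMode, the healthy flag, the port numbers and the "internal"/"general" segment names are hypothetical, with the segment map standing in for the separation of internal domains the article mentions.

```python
from enum import Enum


class FailMode(Enum):
    OPEN = "open"      # keep forwarding, without any intelligence
    CLOSED = "closed"  # stop passing traffic


class ToySwitch:
    """Hypothetical model of a switch that keeps ports in separate segments."""

    def __init__(self, port_segment, fail_mode=FailMode.CLOSED):
        self.port_segment = dict(port_segment)  # port number -> segment name
        self.fail_mode = fail_mode
        self.mac_port = {}    # learned MAC address -> port
        self.healthy = True   # False models loss of the forwarding logic

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports the frame is sent out of."""
        if not self.healthy:
            if self.fail_mode is FailMode.CLOSED:
                return []  # fail closed: data no longer passes through
            # fail open: blindly forward out of every other port
            return sorted(p for p in self.port_segment if p != in_port)
        self.mac_port[src_mac] = in_port
        segment = self.port_segment[in_port]
        out = self.mac_port.get(dst_mac)
        if out is not None:
            same = self.port_segment[out] == segment and out != in_port
            return [out] if same else []
        # unknown destination: flood only inside the sender's segment
        return sorted(p for p, s in self.port_segment.items()
                      if s == segment and p != in_port)


def run_scenario(fail_mode):
    """Send the same frame before and after a failure (constructed sample data)."""
    sw = ToySwitch({1: "internal", 2: "internal", 3: "general", 4: "general"},
                   fail_mode)
    sw.forward(2, "mac-b", "mac-a")            # switch learns mac-b is on port 2
    healthy = sw.forward(1, "mac-a", "mac-b")  # -> [2]
    sw.healthy = False                         # forwarding logic stops working
    failed = sw.forward(1, "mac-a", "mac-b")
    leaked = [p for p in failed
              if sw.port_segment[p] != sw.port_segment[1]]
    return {"healthy": healthy, "failed": failed, "leaked": leaked}


if __name__ == "__main__":
    for mode in FailMode:
        print(mode.value, run_scenario(mode))
```

In the fail-open run the internal frame reaches ports 3 and 4 in the general segment, which is the "dumb pipe" outcome; in the fail-closed run nothing is forwarded, trading availability for isolation.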