The attention economy - Does it matter to Cybersecurity?


The topic of this blog post does the attention economy matter to cybersecurity may seem a bit odd since as an idea they do seem to have no relation to each other. The idea of the attention economy originally came from advertising firms as they sought out ways to attract customer for their clients' goods or services. Nowadays companies like Netflix, Epic the makers of video game Fortnite take a keen interest in the attention economy since in order to be a successful business they need customers to engage with their services.  What attention economics is an approach to the management of information that treats human attention as a scarce commodity, and applies economic theory to solve various information management problems. Put simply by Matthew Crawford, "Attention is a resource—a person has only so much of it." As content has grown increasingly abundant and immediately available, attention (how much time a person has in a waking day) becomes the limiting factor in the consumption of information.

A strong trigger of this effect is that the mental capability of humans is limited and the receptiveness of information is hence limited as well. Attention is used to filter the most important information by the human brain from a large pool of information surrounding the human in the digital age.

There are key elements which form the attention economy that relates to user interaction and cybersecurity these are; immediacy, authenticity and personalization.  The areas that link to cybersecurity are web spam and e-mail spam. With some of the attack vectors being social engineering, phishing and malware. Also, from the broad field economics and cybersecurity are intimately intertwined in the public policy debate in two ways—the scale of economic losses due to adversary operations for cyber exploitation and the effects of economics on the scope and nature of vendor and end-user investments in cybersecurity.


When it comes to the attention economy and cybersecurity there is the question of this being a design problem or a user problem or both or neither?

Firstly is the obvious usual advice about best cybersecurity practises. For examples do not click on untrusted links, use anti-malware software, keep software up to date etc. There are many promising technologies and methods that aim to improve the cybersecurity environment.
These include:
Near-term: increasing use of; risk modelling and management, two or multi-factor authentication, cyber-intelligence and analysis.
Mid-term: Through a push from regulation, standards and guidelines cybersecurity designers will or should develop; resilient, trustworthy ecosystems, efficient security and privacy architectures, design methods and development toolchains; human behaviour modelling.
Long-term: Through research,  development and then deployment of privacy-preserving computing and quantum-secure communications has the potential to lead to a more secure operating environment.
There is potential to overcome the design problem of the links between the attention economy and cybersecurity.

When tackling the user there being studies on how increase and gauge awareness, behaviour and knowledge of cybersecurity related issues. A study of practising safe computing that examined home computer user security behavioural intentions found that a home computer user's intention to perform security-related behaviour is influenced by a combination of cognitive, social, and psychological components. Results of a study on the interactive video game, CyberCIEGE, that it can raise cybersecurity and information awareness.  This is vital in aiding users' in recognising attack vectors that relate to the subject of the attention economy and cybersecurity. There are means and research which shows how we can overcome gaps in the user behaviour when comes to cybersecurity.

The common factor is user experience and interaction with devices and services when it comes to answering the question when it comes to the attention economy and cybersecurity there is the question of this being a design problem or a user problem. Ideal behaviour and a design that is secure by default would minimise successful attack vectors associated with the attention economy while poor behaviour and design would see more successful attacks.  There is no silver bullet in cybersecurity.  There are pros and cons of any design consideration when considering cybersecurity and how it impacts the user experience. Also, vice-versa. This topic is vital for business user and consumers if as cybersecurity experts/designers/engineers we are ever going to reverse the seemingly endless increase in reported breaches, losses and disruptions from cyber attacks.


This blog post started as a thought experiment to see if I could link these two topics of the attention economy and cybersecurity together. Personally, I think the ideas about the attention economy are able to provide contextual or background information about why certain types of cyber attacks are successful. Having this knowledge and awareness could allow a security designer to better protect their systems or tailor their education material to better protect against these attacks.

It this knowledge and information that cybersecurity designers I think should be aware of when implementing their chosen cybersecurity methods and tools. Upcoming technologies such as AI may help from a business area with the potential to use resources more effectively and decrease response time to attacks/breaches. For the user, most will gain better protection by the push for better security design through their device/services lifecycle.



Popular posts

Balancing functionality, usability and security in design

Personal Interest - Unbuilt fleets of the Royal Navy

Personal Interest - RAF Unbuilt Projects