By Dale S. Laszig
DSL Direct LLC
Psychologists and security analysts have used the phrase "learned helplessness" to describe how some people respond to repeated failures. Peiter Zatko, security expert, programmer and former Twitter security chief, identified cynicism and naïveté as root causes of this condition.
Zatko shared his views in Beautiful Security, an anthology edited by Mark Curphey and published in 2009 by O'Reilly Media. His chapter, "Psychological Security Traps," attributed several high-profile data breaches to habitual vendor and customer behaviors. Vendors, he noted, have been known to sacrifice product security in favor of simplicity and ease of use. Customers, on the other hand, can be overly trusting of products made by well-known brands.
"Here we have both learned helplessness on the vendor's part and naïveté on the consumer's part," Zatko wrote, characterizing the vendor's cynicism about its customer's intelligence as "learned helplessness" and the customer's confidence in a market-leading product as "naïveté."
Citing a forensic investigation that exposed systemic design flaws, Zatko noted the manufacturer had designed network switches to "fail open" rather than closed, which turned a potentially intelligent network into a dumb pipe.
"Switches are designed to move packets between systems at the data-link layer," he wrote. "Failing closed, in this case, means that a device shuts down and stops functioning or otherwise ceases operation in a 'secure' fashion. This would result in data no longer passing through the system in question. Conversely, failing open implies that the system stops performing any intelligent functions and just blindly forwards all packets it receives out of all its ports."
Zatko claimed customers who buy systems from well-known vendors frequently overlook inherent vulnerabilities that may be attractive to adversaries. Vendors need to give customers a choice in how to configure their network systems, as well as the ability to separate internal domains from mainstream network traffic to improve their security posture, he stated.
Kendra Cherry, psychosocial rehabilitation specialist and educator, proposed that learned helplessness can begin in childhood. Her April 11, 2023, post on VeryWell Mind, "What Causes Learned Helplessness," found underperforming children who don't receive support they need from family members, teachers and caregivers exhibit a range of symptoms, such as apathy, avoidance, procrastination and poor self-esteem.
"When children need help but no one comes to their aid, they may be left feeling that nothing they do will change their situation," Cherry wrote. "Repeated experiences that bolster these feelings of helplessness and hopelessness can result in growing into adulthood ultimately feeling that there is nothing one can do to change his or her problems."
Cherry observed that children affected by learned helplessness tend to feel they have little control over their grades or performance. Indeed, psychologists and sociologists have seen people of all ages stop trying due to the belief that they are powerless to change an outcome. These feelings of helplessness and hopelessness, she noted, can lead to anxiety and depression.
Zatko urged security practitioners to avoid what he called "confirmation traps" in software testing. When testing an application, do not try to confirm it works; try instead to make it fail, he advised. This is a critical aspect of quality assurance, he added, because "internal software testing rarely re-creates the actual environments and inputs to which software will be subjected by regular end-users and hostile adversaries alike."
Adam Grant, author of Think Again, stated "I'm not biased" is his favorite type of bias; it shows up when people think they are more objective than others. "It turns out that smart people are more likely to fall into this trap," he wrote. "The brighter you are, the harder it can be to see your own limitations. Being good at thinking can make you worse at rethinking."
Cherry has also seen people unwittingly fall into the confirmation bias trap when they screen and interpret data. Her November 2022 VeryWell Mind post, "What is the Confirmation Bias?" cited the following examples:
By their very nature, learned helplessness and confirmation bias are difficult to detect and remediate in the workplace. People who feel helpless also feel powerless to change their outcomes and environments. People with confirmation bias see what they want to see, remaining unaware of those nearby who are suffering. And all the while, these mutually reinforcing conditions sabotage security and productivity.
As Cherry pointed out, confirmation bias is hardwired into our brains. "Even if you believe you are very open-minded and only observe the facts before coming to conclusions, some bias will likely shape your opinion," she wrote, concluding that it's very difficult to combat this natural tendency.
"That said," she added, "if we know about confirmation bias and accept the fact that it does exist, we can make an effort to recognize it by working to be curious about opposing views and listening to what others have to say and why."
As payment professionals, we have a responsibility to create an inclusive, interoperable digital commerce ecosystem in which all stakeholders contribute and thrive. If you're celebrating inclusivity, are you looking beyond youthful leaders to the elders who helped light their way? If you're fostering growth, are you rewarding the back-office associates as well as the rock stars who are moving your organization forward?
It's not easy to open one's mind, but for Cherry, releasing outdated beliefs and assumptions is essential to our personal development. As Grant noted, we're consuming information faster and in shorter sequences, and like him, I'm still wondering why Pluto was demoted from planet to dwarf-planet status by the International Astronomical Union. Let's be kind to each other as we navigate our ever-expanding tech and human constellation. 
Dale S. Laszig, senior staff writer at The Green Sheetand founder and CEO at DSL Direct LLC, is a payments industry journalist and content strategist. Connect via email dale@dsldirectllc.com, LinkedIn www.linkedin.com/in/dalelaszig/ and Twitter https://twitter.com/DSLdirect.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
Prev Next
