Functional stupidity (digital stupidity) in Cyber Security

Posted by Klea Duro on May 19, 2023 8:15:00 AM

How much does slavishly following company procedures lead to problems?


 

Are there any solutions? What are the impacts on security management? Can we be affected by digital stupidity?

Could ignoring it be a solution?

"I simply do it because it says so" or even "We have always done it this way."

 

I remember a consulting session in which a person who had to produce evidence was obliged to take screenshots of all the changes made to SAP users.

 

When asked "Why?", the answer was: "Because it is defined in the procedure." The person did not know that SAP has a specific trace and logging mechanism for the changes made.

 

Everyone goes on autopilot at times, without much thought.

 

If this mode is always active, however, it limits thinking, and that is one of the main warning signs in this context.

 

In more detail:

  • not reflecting, not questioning anything, and accepting all policies and procedures as "good" and without error
  • not questioning why they are doing what they are doing
  • not considering the consequences

 

To be clear, following procedures is not harmful; in fact, it is certainly correct and recommended. But that is not what is being talked about here. The issue is following them blindly, without asking any questions.

 

Sometimes even asking "But why are we doing this? Is there a better way to do it?" can be helpful.

 

Unfortunately, doing so can come across as "out of standard." Those who deal with these issues and, following the example above, try to raise problems or concerns are often seen as troublemakers.

 

What can happen then?

  • Tell reporters what they want to hear, avoiding raising issues
  • If the boss does not give weight to something, do not elaborate and agree to let it go
  • Limit questions and doubts as much as possible

 

To what extent can being "out of the chorus" create problems with leadership? No one wants new problems to deal with; every day already brings enough problems without raising more. Better not to make an unnecessary fuss. Better, then, to stay ignorant. However, how much does this behavior really protect corporate data security?

 

 

The society of superficial control

 

We followed procedures and all company policies. Yet, something did not work as it should. For what reason?

 

How well is the establishment of company procedures and policies really controlled in practice?

 

Defining all policies (without exaggeration) is recommended and certainly helpful, but when and how are the controls operationally implemented? And how much instead becomes material to be presented to stakeholders, perhaps during inspections, without looking more deeply into how these policies are applied?

 

Is a well-made PowerPoint better than the substance of the controls put in place?

 

How much is window dressing, in this context, part of your organization?

 

 

 

 

This article was inspired by the following sources:

 
