Security and the Trap of Logic and Common Sense
Security managers, sports coaches and politicians often face the same type of “bullying” by laymen. Basically, no one understands exactly what they do but everyone believes they can do it better and are not afraid to voice and defend their opinion. While everyone is entitled to an opinion the actual problem appears when it is the decision makers who have opinions and have the power to transfer opinions into decisions and decisions into strategies.
As security consultant, I have often heard from prospective clients that they will not be needing my service because they can solve issues by themselves using common sense and logic. As it turns out, logic and common sense are a much cheaper investment than expertise. However, they are not nearly as effective, and they eventually end up being much more expensive on every possible level. I have witnessed numerous embarrassingly ridiculous security setups which were the result of logic and common-sense empowered self-confidence. Now, although similar, logic and common sense are not just two names for the same concept. We use logic to reach a conclusion based on (some) facts while we mostly use common sense to reach conclusions based on assumptions and feelings.
Firstly, I don’t believe that the adjective ‘common’ in common sense stands for ‘widespread’ (it is not really that common after all) but that it actually explains that we can use it for analysing and solving common (ordinary) issues. The same goes for logic. They do help us to perform countless simple daily tasks. Still, there is a level of complexity where they stop being effective and where expertise should take over. For instance, we know that we cannot build a house from the roof downwards and that a house must have walls, windows and doors. However, that is still not enough to actually design and build a house. We know that if John had five apples and ate two of them, he now has three apples left, even if we know absolutely nothing about maths. Still, logic will not be able to help us in, for instance, solving the Gaussian integral.
Of course, the quickest way to fail miserably is to create complex strategies by combining logic and common sense.
For instance, I recently suggested to an institution to implement lock-down procedures (among other suggestions) for the case of an armed attack, as opposed to only having evacuation procedures (through all existing exists) regardless of the type, location and extent of threats. The suggestion was rejected because:
1. Offices have plaster walls and bullets can go through them (logic)
2. Nothing is probably going to happen anyway (common sense)
Any knowledgeable security professional would know that countless people are known to have survived attacks simply because they were behind closed doors (not even locked). Also, not only firearms are weapons, so are knives, and plaster walls work fine against those. Even in case the attacker is armed with a firearm, it is not likely that they would shoot at a blank wall anyway. Moreover, anything is better than sending the employees straight toward an attacker. Finally, attacks are extremely common in that particular type of institution and they can happen anywhere anytime.
This is, of course, just one example out of countless cases out there.
Unfortunately, self-confidence based on over-reliance on logic and common sense is still way more common than simple wisdom to understand our limitations and know when it is time to “call the plumber”.
Do you agree?