Humans are irrational. Seriously, have you ever pondered the whole “halo effect” thing? So I’m digging my claws into this psychology book by Daniel Kahneman called Thinking Fast and Slow and growing more and more thankful to be a lizard.
This halo effect appears to be some kind of cognitive bias which shapes human perceptions and decisions. First impressions quickly form into an exaggerated emotional coherence of a source’s credibility for good or bad. So much for remaining objective!
A partial antidote to the halo effect has long been enshrined in law enforcement standard operating procedures, decorrelate early. Witnesses to an incident are quickly separated so that no corroborating stories are built on shoddy perceptions of credibility. The cyber threat intelligence analyst should take notes.
Diversify your sources. No matter how great they are, over rely on a single vendor or product and you will get burned. One practical way to capitalize on diversity would be to require each individual to write down their assessments prior to meeting together. During the meeting, each member shares their notes exactly as they were prepared beforehand.Trust but Verify and verify. Red teams must be allowed to test the organizational security posture and break down faulty assumptions, and intelligence sources should remain under continuous evaluation for credibility. Halos are for angels, not the intel vendor next door.