This paper examines the complex nature of cyber attacks through an analysis of the LastPass breach. It argues for integrating human-centric considerations into cybersecurity measures, focusing on mitigating factors such as goal-directed behavior, cognitive overload, human biases (e.g., optimism, anchoring), and risky behaviors. Findings from the analysis of this breach offer support for the perspective that addressing both the human and technical dimensions of cyber defense can significantly enhance the resilience of cyber systems against complex threats. In practice, this means that maintaining a balanced approach while simplifying user interactions, making users aware of their biases, and discouraging risky practices is essential for preventing cyber incidents.