From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

It had been another long day, and I'd let the non-stop barrage of tasks and notifications, each one demanding more bandwidth than I had to spare, get to me. As I sat in my kitchen, chatting to my daughter about the amount of pings each of us got, an uncomfortable thought surfaced.

A few minutes earlier, I’d been scrolling through LinkedIn when a video caught my attention. It featured Sara Wilson dissecting Mark Zuckerberg’s recent three-hour interview with Joe Rogan. In it, she highlighted a fascinating shift in social media behaviour: the most common action people are now taking isn’t liking or commenting on public posts—it’s actually having private conversations in direct messages or small, private groups.

This observation combined with the conversation I was having with my daughter struck a chord, not just because it reflects how we engage with content today, but because it points to a broader evolution in human behaviour.?

As people retreat from the noise of public discourse to more curated, intimate conversations, have we, as a society, become too wired into the constant pulse of our devices to notice what we might be missing? Or worse—too desensitised to distinguish the meaningful from the mundane?

For us in cyber, how do we navigate these new digital threats especially when we layer in the rise of AI and deepfake technologies, and the stakes grow even higher?

Selective Attention in the Age of Digital Overload

Humans are wired to respond to alerts. For millennia, our survival has depended on reacting to external stimuli—whether it’s the sound of a predator or a cry for help. But in today’s hyperconnected world, the sheer volume of digital “pings”—emails, texts, app notifications, and social media updates—has pushed our capacity to respond to its limits.

Much like the shift Sara mentioned, where people are prioritising private conversations over public engagement, we—as human beings— are also learning to filter, delay, or dismiss digital notifications rather than reacting instinctively and under instruction.

While this might protect our mental bandwidth, and in some cases help us avoid hacking attempts via exhaustion tactics, it also has unintended consequences—when it comes to cybersecurity.

Cybersecurity Risks

As people become more selective in their engagement of technology, the behavioural changes we’re now experiencing have significant implications for cybersecurity. Here are some of the risks:

Desensitisation and Missed Warnings:?Whether it’s a phishing email, a password reset notification, or a critical system alert, tech users are increasingly tuning out notifications. While this helps them avoid scams, it also increases the likelihood of ignoring legitimate threats, such as suspicious login attempts or urgent security updates.

Mistrust in Communication:?With the rise of spam, scams, and misinformation, people are becoming more skeptical of digital communication. While skepticism is healthy, excessive distrust can lead to the dismissal of genuine outreach or important instructions—undermining cybersecurity efforts.

Deepfake Technology Amplifying Risks:?The evolution and democratisation of deepfake technology have blurred the line between reality and fabrication. A convincing deepfake video or audio clip can now impersonate trusted sources, making it harder for people to discern genuine messages from fraudulent ones. For instance, we've already seen:

• A deepfake of a company executive instructing employees to transfer funds to a fraudulent account.
• A deepfake (video) from a government official spreading misinformation during a crisis.
• A deepfake (voice note) manipulating individuals into sharing sensitive information.

In our current environment, trust is no longer implicit—it must be verified.

The Path Forward

While it’s essential to question the authenticity of information sources, we must also remain vigilant in our cybersecurity practices and strike a balance between skepticism and vigilance.

Here's what we can do to maintain this balance:

1. Foster a Culture of Security Awareness Security awareness is the foundation of any cybersecurity strategy. Embedding it into daily work culture ensures that employees understand the importance of being vigilant, making this a continuous process rather than a one-time effort.
2. Focus on Trusted Communication Training employees to verify the authenticity of messages is critical in combating phishing and other scams. Incorporating secondary channels, built-in verification tools, and secure platforms enables them to confidently assess the legitimacy of communications.
3. Empower Employees to Pause Encouraging a 'Pause Culture' provides employees with the confidence to take a moment and carefully verify messages before acting. This proactive step significantly reduces impulsive responses to scams or urgent-sounding threats.
4. Deepfake Awareness Educating teams about deepfake technology, including practical tips for identifying fake media, enhances defenses against this growing cybersecurity risk. Awareness of how deepfakes operate adds a critical layer of understanding to modern challenges.
5. Encourage Critical Thinking With the rise of misinformation and technological manipulation, training employees to think critically about what they see, hear, or read is essential. This prevents them from becoming victims of deception while fostering a mindset of cautious awareness.
6. Prioritise Signal Over Noise Optimising notification systems to minimise false positives and irrelevant alerts ensures employees stay focused on actionable and genuine security threats. This approach helps combat desensitisation caused by information overload.
7. Create Psychological Safety Building environments of psychological safety where employees feel supported and secure encourages high levels of challenge and analysis. This is essential for fostering critical thinking and collaboration during complex cybersecurity challenges.
8. Promote Open and Inclusive Communication Open communication across diverse groups reduces risks posed by echo chambers and insular thinking. By valuing diverse perspectives, organisations improve decision-making and enhance their responses to security challenges.

By addressing these steps in priority order, we can build a comprehensive cybersecurity framework anchored in awareness, thoughtful actions, and resilience to evolving threats.

To end.

We are in the midst of a profound shift in how we engage with information. Whether it's withdrawing into private conversations or becoming more selective about what we trust, these shifting behaviours are redefining our digital landscape in significant ways.

At the heart of this change is a growing need to reclaim control in a world overwhelmed by an endless stream of data, notifications, and content. The rise of selective attention serves as a crucial survival mechanism, enabling us to filter the noise and focus on what feels most relevant. Yet while this evolution helps manage digital overload, it also introduces new vulnerabilities, creating blind spots to valuable insights, diverse perspectives, and subtle risks.

For us in cyber, this shift is both a challenge and an opportunity. Today's tech users are more cautious and discerning, which strengthens their defences. However, this heightened selectivity also increases the risk of missing critical signals or falling victim to sophisticated threats like deepfakes and tailored phishing campaigns. Threat actors exploit these blind spots, blending into the noise or crafting attacks that prey on the very skepticism meant to protect us.

To thrive in this complex environment, we must strike a balance between caution and awareness. This means prioritising trusted communication channels, fostering continuous education about emerging risks like deepfakes, and designing systems that empower people to engage securely and thoughtfully from the offset.

So, the question for me iisn’t whether we’ll adapt—we already are. The challenge now is to adapt intelligently, using our evolving instincts to foster a more secure and resilient digital future.

Now I want to hear from you...

Tell me, how can we foster a culture that adapts to humanity’s evolution through technology while tackling deepfakes, digital fatigue, and shifting behaviours to enhance security and critical thinking? What more am I missing?

About Jane Frankland MBE

Jane Frankland MBE is an award-winning cybersecurity leader, author, and women’s change agent. Her authority is referenced by Wiki, LinkedIn, and UNESCO. She built her own global penetration testing firm in the late 90s, has worked as a Managing Director at Accenture, and contributed to numerous industry initiatives, including CREST, Cyber Essentials, and Women4Cyber. Through her IN Security Movement, 441 women have received scholarships, a value of almost USD $800,000. She regularly shares her thought leadership and leader-developer skills with forward -thinking companies and governments, and has been featured in the Sunday Times, The Financial Times, The Guardian, Forbes and the BBC. To find out more, visit https://jane-frankland.com