Is the human employee the weakest link?
Let’s see… we give them worthless cybersecurity training (if at all), they fall for an attack, and therefore they are clearly the problem, right? Wrong!
This conversation you are about to hear is about using Behavioral Science to help organizations and individuals to become more cybersecurity conscious.
This year - 2018 - marked the 10th gathering of ISSA-LA - Summit X - and ITSPmagazine was there to learn, see old friends and new, and interview interesting speakers and attendees.
As we were enjoying the day, we decided that it was time to pretend to work and get a couple of podcasts in the can, so, impressed by her presentation “Using Behavioral Science to Secure Your Organization,” we invited Elevate Security founder Masha Sedova to sit down for a conversation with us. She said yes and the rest is history - recorded history - for your enjoyment.
The main question we discussed was: “Why is it so hard for people to grasp the concept of cybersecurity and what can organizations do about it?”
Actually, it was more like: “What can we do to make the everyday end user conscious about the security risks that are hidden around every corner of this cyber society we live in?”
The answer is: Not sure yet.
I guess the point is that cybersecurity for humans is complicated because humans are complicated. We have emotions, we are endlessly curious, we can be quite trusting/naive, we have too much going on in our super fast-paced lives to stop and think, and often we are just plain lazy.
So listen up as we talk about:
The three components required in order for people to change their habits and start embracing different behaviors: the motivation, the ability, and the trigger.
Why the concept of cybersecurity is so hard to grasp. Maybe because of its abstract nature?
Whether it helps to connect employees’ security behavior at work with their security behavior at home. Would they care more about security when it involves their home and family life?
How much embracing diversity in the way we think about cybersecurity can help to resolve the “weakest link” problem. Can teams made of diverse cultures, mindsets, educational backgrounds, life experiences, and perspectives make cybersecurity at the human level the strongest link instead of the weakest one?
Ultimately, how can we motivate employees/people to care about cybersecurity if we keep considering the end users to be the weakest link?
Maybe this story will help you change your perspective.
I think so.
* If you have read my introduction above, you can go directly to the conversation by skipping ahead to 2:57 - Enjoy!