Mind games: the psychology of cybersecurity

People pose the greatest risk to cybersecurity. Most cybersecurity breaches either start with, or exploit, human error.

People make mistakes.

They fall victim to social engineering.

Or they fail to set up their systems and security measures properly.

An attacker is much more likely to make use of human error than an esoteric zero-day exploit.

To counter this, organisations invest heavily in security training and awareness programmes.

But understanding people – and human behaviour in all its complexity – is vital to effective cybersecurity. After all, human error, or human failure, is the root of most cybersecurity incidents.

So we’re seeing a growing market in security training and security awareness programmes.

But these programmes are not as effective as they could be, or should be.

In part, this is because we lack detailed understanding of human behaviour. But if we know why people act as they do, we have a better chance of changing behaviour, so they put security first.

And we can also create better models of how people act and react. This allows security teams to tailor training, making it more effective.

Over the next few episodes of the Security Insights podcast, we will explore the interaction between human behaviour and security in more depth.

We will look at the emerging field of human risk management, and ask what organisations actually need to do to change the way their people act. And to start the series, we will look at the psychology of cybersecurity.

Our guest is Dr Thea Mannix, a neuroscientist and head of research at Praxis Security Labs.

Image by Gerd Altmann from Pixabay
