In the cybersecurity industry, people are described as a weak link leading to cyber-attacks, and the most effective way to reduce risk is to implement the latest and greatest technology. But on average, more than 1 in 5, or 20%, malicious phishing emails leak through filters and into people’s inboxes. Coupling this with
Verizon’s Data Breach Report findings that 82% of all cyber breaches involve the human element led by social engineered attacks, focusing on motivating people to spot and stop these attacks has never been more relevant.
It’s time to change the narrative that people are the problem – they’re your organizations’ best asset to spotting and stopping cyber-attacks that evade technology controls.
To effectively manage risk, you must understand further than the technology implemented when creating successful cybersecurity programs. If humans are the target of attacks, then the best way to stay ahead of social engineering antics is to know how humans are programmed to think.
Our brains are wired with mental shortcuts that have, over the millennia, helped us conserve resources and implement survival strategies. However, leaning too heavily on these shortcuts creates biases that can lead to flawed decision-making – particularly when it comes to cyber risk. One of the riskiest groups of employees is new hires. They possess preconceived notions like "Beginner's Bubble" (the Dunning-Kruger Effect), anchoring or optimism bias. The solution to lowering that risk is to apply a motivation-based approach supported by proven frameworks in neuroscience, biology, psychology, and behavioral economics.
This presentation will provide security professionals, leaders, and program administrators with proven frameworks and methodologies like SCARF that they can integrate into awareness programs without additional tools or solutions. We will share what we’ve uncovered in our work with independent cybersecurity researchers and organizations worldwide, provide actionable insights for attendees to bring back to their programs, and challenge ideas to help drive the next evolution of cybersecurity awareness.
