Eight Steps To Building A Human-Centered Security Culture

Published 15 December 2020
Source: Forbes

By Steve Durbin, Managing Director, Information Security Forum, and Forbes Business Council Member

Ransomware, phishing, social media scams, data leakage, insider threats, cloud security challenges and the majority of all data breaches have something in common: All of these rely on people serving as conduits.

Cyber scammers frequently employ human psychology in their attack strategies, thriving on basic human traits like curiosity, fear, desire, rage and anxiety. Instead of addressing this core vulnerability, organizations tend to gravitate toward technological controls to secure their networks and systems. This tech-centered mindset tends to deprioritize people on the threat scale. In fact, according to a recent Kaspersky study, only 52% of businesses believe they are at risk from a cyber attack due to the human factor.

Pandemic, Vulnerabilities And Human Psychology: The Perfect Storm For Disaster

Covid-19 has forced businesses to adopt technology overnight and mandate that significant numbers of people work from home. These changes have expanded the attack surface, subjecting businesses to new threats from unsecured devices, unauthorized software and cloud applications. Social distancing may also provoke feelings of isolation and exclusion. This compounds the fact that, according to Tripwire research (via IT Security Guru), security teams were already feeling overworked before the pandemic.