With the advent of increased cyber security related threats, the majority of attacks point to one target, and that is the human element. Examine any survey relating to cyber security threats faced by organizations from ransomware to phishing, and these attacks all have one target in common: the human element is necessary to trigger the attack.

Organizations of all sizes are battling this human susceptibility on a daily basis to keep users educated through awareness programs, technology learning systems, etc. Yet attacks are still increasing, resulting in major data breaches involving the exposure of critical organization information by targeting its weakest link.

On the technology side, new approaches to prevent ransomware and phishing have been in the marketplace for years now, but still there seems to be no slowing down in the number of attacks penetrating systems. There is also the compliance standard testing that organizations employ to become certified, yet still attacks persist.

Organizations now need to reexamine the approach they use to prevent attacks on their systems with technology, compliance, and user awareness programs as a supporting role.

Applying human behavioral science to understanding why a user would be enticed to act on an email or social engineering bait is required. This will not materialize by an organization’s user population attending a training session or by introducing some costly technology. What’s needed is the addition of a behavioral intelligence officer (BIO).

The BIO will need to bring in behavioral skills to answer the question of why attacks to the end user are so successful even with state-of-the-art security solutions in place.

The role of the BIO position, therefore, is to continuously analyze human behavior through cyber security-related user education programs and simulated cyber attacks. Another critical function is information-gathering from various threat intelligence feeds to determine correlation (Read more...)