The decisions we make every day, and the way we act and interact with other human beings, are based on characteristics of human behavior that are innate or that we learn. We develop these traits over a lifetime, they are reflected in our behavior, and we bring those behaviors into work with us too.
Human behavior is a very complex landscape of instinct and biology overlaid with cultural expectations and norms. Some behavioral traits can be highly specific to a situation, too. Take, for example, how we behave while waiting in line. The relation of behavior and “queue decisions” has been looked at from many angles. Human beings have to process complex variables like how fast a teller is and the relative queue speed before making a decision. However, anyone who has been in the crush during a Black Friday event will know that the process of queuing can fall apart under the right circumstances.
It is with the manipulation of natural human behavior in mind that cybersecurity awareness training programs must work. Human beings are still the weakest security link, with human error being behind 90% of data breaches, according to Kaspersky.
But changing behavior is something that takes time and effort. Behavioral change, to develop better security behavior, is a goal that we must work towards if we wish to make our organization more secure.
The goals of behavior change in cybersecurity
You may well ask yourself, what exactly is a security awareness training program? When teaching your staff about security issues, you ultimately want them to not only be aware but to act on that awareness.
Cybercriminals are already way ahead of the game by using our own behavioral traits to their own ends. Many cybercriminal techniques, such as Business Email Compromise (BEC)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/QvwszoFSdfQ/