Canadian Cyber Security Journal

How to strengthen the human element of cybersecurity

The best defense against cyberattacks is not technological cybersecurity solutions but the strengthening of the human element, Perry Carpenter—cybersecurity veteran, author and chief evangelist-security officer for KnowBe4, said.

Verizon Business’s 2022 Data Breach Investigations Report revealed that the human element continues to drive breaches, accounting for 82% of all attacks. And attacks are becoming more aggressive, with ransomware jumping 13% in 24 months, a surge higher than the past five years combined.

“As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure and customers protected,” Hans Vestberg, CEO and Chairman of Verizon, said.

KnowBe4, a security awareness training and simulated phishing platform, recently released a resource kit designed to help IT and Infosec professionals improve their human element of security. The organization said that IT professionals are still challenged when it comes to creating a security awareness program.

Carpenter, in contact with TechRepublic, shared the human security lessons he has learned over the past years. He warns that while rising cybersecurity statistics are of great concern, companies should look beyond them.

“Unfortunately, knowing about cybersecurity threats is only half the battle. Doing something about them—and, more importantly, doing something to prevent them—is where you really should be spending your time,” Carpenter said. He explained that even those engaged in security awareness efforts suffer from a fatal flaw: the knowledge-intention-behavior gap.

The knowledge-intention-behavior gap

“Just because your team members are aware of something doesn’t mean they will care,” Carpenter said. The knowledge-intention-behavior gap explains why breaches continue to rise despite the investments companies make in building strong cybersecurity awareness programs for all workers.

According to Carpenter, workers may be aware of the threats and risks, how they work and what they need to do to avoid them, but still fail to take the necessary actions to keep the company safe.

To reverse this situation, companies must close the gaps between knowledge and intention to encourage correct behaviors among their workforces. This requires an approach that the highly technical cybersecurity industry struggles with—working with human nature.

Working with human nature

The answer, according to Carpenter, has nothing to do with how smart employees are. The most successful techniques to breach a system do not depend on sophisticated malware but on how they manipulate human emotions. Attackers are leveraging natural curiosity, impulsiveness, ambition and empathy.
