The Best Cybersecurity Solution: “Be Better at Being Human”

8/30/2017

“If you want to master the digital economy, be a better human,” Paul Roehrig, global managing director of the Center for the Future of Work, told ITBusinessEdge columnist Don Tennant during a recent interview.

Roehrig’s organization just released a study examining how businesses and jobs must evolve in response to sweeping digital transformation. Among their findings is a counter-intuitive conclusion: “In a world of more pervasive technology, activities that humans do well will be even more important in 2020 than today.”

“Analytical thinking, communication, and learning skills are all critical now” in the digital economy, Roehrig elaborated in the Tennant interview. “These very human activities — things we do naturally… will become even more essential in our personal and work lives, and for our businesses.”

And in this age of virtually daily data breaches, that opinion may apply most to cybersecurity.

“The cyber battleground has shifted from an attack on hard assets to a much softer target: the human mind,” author James Bone explained to Forbes contributor Christopher Skroupa during a recent Q&A. “If human behavior is the new and last ‘weakest link’ in the cybersecurity armor, is it possible to build cognitive defenses at the intersection of human-machine interactions?”

Bone, who just released a book, Cognitive Hack, believes the answer is “yes,” but the challenge requires a new way of thinking about security, data governance and strategy. Business leaders at companies of all shapes and sizes must reframe their understanding of security beyond technical considerations to include intellectual strategies. In his book, Bone offers a Cognitive Risk Framework for Cybersecurity (CRFC), which draws from multidisciplinary fields such as cognitive informatics security, machine learning, artificial intelligence (AI), and behavioral and cognitive science. Quite an intimidating, complicated bundle of topics.

But Bone’s framework and Roehrig’s study are based on the same simple truth: Hackers, the individuals behind cyber attacks, are people, and the best way to deflect and defeat their malicious forays is to focus on people issues – e.g., education and training. So, in the interest of helping readers “be better at being human,” we will reiterate “five keys to effective cybersecurity awareness training” from one of our earlier posts:

  • Involve Everyone at All Levels – No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership.
  • Design Interactive Programs – Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
  • Require Commitment, Enforce Accountability – Equip staff with tools and clear instructions, and then solicit formal commitment to using those measures.
  • Eliminate Ambiguity – Identify specific actions that pose risks, such as using random flash drives, and provide precise instructions for avoiding those dangers.
  • Make Training Continual and Vary Techniques – Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts and security checks.