Strengthening and measuring cyber skills: behavioural science and the human firewall
In many successful cyber attacks, human behaviour opens the door or window. Technical tools can help, whether by obliging people to change passwords, or by adding MFA, reviewing code or filtering millions of logs. However, they won’t stop someone from clicking on a malicious link in an email. To cope with this human-created vulnerability, organisations spend hours on employee training, use external reviewers for their code, and create dedicated networks and guest Wi-Fi to keep the infrastructure resilient.
Presentations from the X-change of 27 April 2023.
These investments should go beyond raising awareness and actually lead to stronger cyber skills in the organisation. As a start, organisations can use a skills gap analysis, for example, to determine what needs to be fortified, and then decide whether to do it internally or to outsource it. They can then measure the results, for instance through penetration testing. But they can also use behavioural science, approach cyber security as a transformation, and focus on the forgotten cyber security skills.
In this session, we first heard from Deloitte about how behavioural science can be used to measure cyber security skills. Then John Cockerill explained its transformative journey to strengthening security awareness and security skills. Finally, we learned how Fédérale Assurance is focussing on forgotten cyber skills.
Presentations from the event are available for Beltug members (after login):
- Deloitte presentation: Behavioural science to strengthen cyber security skills
- John Cockerill user story: Stronger through the techno-human firewall
- Fédérale Assurance user story: Forgotten cyber security skills