Security training: should we give humans a break?
26 April 2019
Cryptographer Bruce Schneier once said, "only amateurs attack machines, professionals target people." Yet how far should we be blaming humans for the breakdown of our cyber security?
Many organisations push out some sort of security awareness training, simulated phishing emails, or bright, amusing posters relaying the importance of cyber security – but how effective are these traditional methods? Or could they, in fact, be doing more harm than good when it comes to building a solid relationship between the workforce and security teams?
Flavius explains why we should be reframing the conversation around what is expected from humans and why we need to be talking about "managing human risk" rather than "behavioural change". We also explore what the role of the CISO should be and how the public and private sectors can work better together.
Presenter: Anna Delaney
Music: The Pain, Nick Homes