teissTalk: Are infosec leaders emotionally literate enough?

On 18 May, teissTalk host Thom Langford was joined by Cameron Brown, Director - Cyber Security/Risk Advisory, Deloitte UK; Dr. Edewede Oriwoh, Group IT Information and Cyber Security Manager, Redde Northgate Plc; Holly Foxcroft, Head of Neurodiversity in Cyber Research and Consulting, Stott and May Consulting.

Views on news

Immersive Labs, the leader in people-centric cyber resilience, today announced its 2023 Cyber Workforce Resilience Trend Report, conducted by Osterman Research.

 

The report reveals a steady increase in cyberattacks and an evolving threat landscape as more organizations turn their attention to building long-term cyber resilience; however, many of these programmes are falling short and fail to prove teams’ real-world cyber capabilities. 

 

Top management, however, can’t blame the workforce for not being knowledgeable enough about cybersecurity, as its in fact their responsibility.  

 

For cyber security training to be effective, the channels of education have to be tailored to each employee’s needs. Some of them may prefer gamification, others, who often fail security tests, may need a one-to-one conversation.

 

ZeroTrust a reality or an ambition?

Naturally, not all companies can afford gamification tools. Cybersecurity should be made relatable to those too who have no understanding of technology, and generational differences should also be factored into the training programme. Recognising neurodiversity and its overrepresentation in cybersecurity is not enough.

 

You need action plans too regarding how you’re supporting these individuals. Leaders’ emotional intelligence can drive improvements in performance too. If you feel you have communication issues, talk about it with staff. Address the elephant in the room. Sometimes unusual approaches to educating staff have better results.

 

One example was a security professionals stealing laptops from employees unlocked cars in the company car park. 

 

The panel’s advice

People are the key link to the cyber-security chain.

Leave the old blanket approach behind and personalise security training.

“If you think education is expensive, you should try ignorance.”

Security may not be everybody’s job, but it should be everybody’s business.