“It’s not the end of the world. If something happens, it happens.”
These were comments made by an ‘average technology user’ in research carried out by the National Institute of Standards and Technology (NIST) in the US. They assessed perceptions and beliefs about cybersecurity and online privacy, and identified that people are increasingly desensitized to constant reminders about cyber risks.
The quote highlights the difficulties we face in moving beyond the frustration, weariness and ‘security fatigue’ many of us feel from the bombardment of messages about the dangers lurking online. We’re tired of being told the sky is falling down. But the risk of cyber-attack remains real and relentless – and the reality is that cyber attackers often find it easier to communicate with, engage and influence the behaviours of our staff than we do. So, a new approach is required to engage all of us in making the right decisions at the right time in response to a range of different and changing cyber risks, whether you sit in the boardroom or on the front desk.
The NIST research found that many of us often feel out of control or resigned to doing nothing with regard to online security.
Now take these attitudes into the workplace and organizations are faced with a real dilemma. While many forward-thinking organizations already recognize the need to provide information security training to all staff, how can this be delivered in a way that overcomes the apathy identified in the NIST study? How can we ensure that Information Security training for non-technical staff really engages them to change behaviours and doesn’t just ‘tick the box’? Especially when we know that 90% of all successful cyber-attacks have succeeded through human error.
For me, there are five key lessons for effective Information Security training:
“We need a culture that rewards ideas and learns positively from mistakes.”
By adopting these key lessons, I see innovative and engaging Information Security training helping organisations to really embed and sustain better behaviours. Our own RESILIA™ Awareness Learning provides first-hand evidence of the power of online learning to embed a more resilient security culture.