What we learned from CyNam 20.1: The Human Element of Cyber Technology
The first CyNam of 2020 kicked off the year’s events on Thursday 5th March, with a focus on the human element of cyber security, which profoundly affects the more technical components and guarantees that there can be no silver bullet in cyber security.
Working in recruitment we are incredibly people-centric, always trying to find the perfect candidates for our clients. But the human nature of cyber security goes much deeper and requires an awareness from every single person who engages with technology of how to avoid cyber attacks. CyNam 20.1 addressed the major knowledge gaps which exist today and some of the best ways we can address this.
Socio-technical engagement manager at Cygenta, Madeline explained the difficulties surrounding social proof and cyber security, and why the ‘human firewall’ is so last decade! The current approach for most is to chastise and make examples of those who cause breaches, click on phishing links or enable scams. This creates an environment in which people are scared to report incidents because they don’t want to be told off for doing so, which can have catastrophic results as breaches go undetected.
Because of social proof, a behavioural theory in which humans mimic perceived ‘best’ behaviours, if we moved towards a model where we instead reward and praise those who are reporting incidents, people will naturally begin to copy these behaviours instead.
Cygenta also advise really listening to the human element within your organisation and heeding feedback on what works and what doesn’t. Don’t expect changes overnight though, as culture change takes anywhere from three to ten years to really take hold, so we best start soon.
Immersive Labs focus on Human Cyber Readiness, and the gaps which we so desperately need to fill for our safety and security. MD, James, explained that Immersive Labs are growing rapidly (they’re hiring!) and that this had initially highlighted the perceived ‘skills shortage’ within the industry.
However, between thinking outside the box and utilising their own tech, hidden gems and untapped talent sources have presented themselves. There is exceptional existing talent in the workforce from non-traditional backgrounds, meaning businesses need to follow Immersive Labs lead in focusing on aptitude rather than experience if they want to grow in this fast-paced industry.
CybSafe are cyber behavioural cyber specialists and bring a psychological perspective to CyNam’s discourse. Joe Giddens is Head of Content and explains that a lot of the “problems” in cyber security stem from a misunderstanding of human behaviour: people are simply not as interested in cyber security as many have assumed to date.
People are busy and they have their day job to do, so cyber security is just another tick box for most people. This thought process is innate and hard wired into us; it is not our behaviour that is ‘wrong’, rather the approach to making people more cyber aware. We need to stop telling people off for making errors and start understanding human behaviour instead. We shouldn’t measure why behaviours are happening, we should measure why they are not; we must understand why behaviour isn’t happening before we can try and change it. This is simply human nature and applies to all areas of learning and life, we are short sighted to assume that the invention of computers has changed innate humanity.
As if to prove James Hadley’s point that cyber specialists hail from wide reaching backgrounds, Simeon Quarrie of VIVIDA is a former wedding photographer turned cyber CEO! Whilst a massive step-change, this is not quite the enormous step it may sound like: VIVIDA are a Virtual Reality company and Simeon’s focus is heavily in content creation, telling stories to help educate people who – like him – find ‘cyber’ dull and confusing.
The most important thing for VIVIDA is making people feel through narrative. For much of the workforce, cyber is an abstract concept and not a part of their daily discourse, which goes some way to explaining people succumbing to phishing and other scams. Yet, the human element is incredibly important, so VIVIDA aim to put people in the story, with experiences like ‘Date With a Hacker’ bringing the reality of hacking to life for employees.
Scott Lester & John O’Mahoney
To round off the evening’s talks, Scott and John from 6point6 went into great detail on the current landscape of phishing, including spearphishing – a more targeted attack. Using real-life examples of both internal and external phishing attempts, Scott and John explained common pitfalls and the traps into which people often fall, as well as how to avoid them.
As always, we had a couple of top-secret speakers too, but we can’t talk about those.
CyNam 20.1 also included a ‘Cyber Showcase’ for some of our speakers and guests to demonstrate their tech solutions.
First up was Jack Chapman from Aquilai, who told us how phishing is still a very real threat and becoming easier than ever for attackers in line with the rise of crime as a service. Aquilai’s approach to solving this issues centres on augmenting humans with advanced technology to fill the existing gaps.
Next was Joe from CybSafe, who reiterated that Cybsafe were founded on the idea that people are not the problem but the solution to data breaches! 90% of attacks are human error, and CybSafe’s model uses data and learning to understand why this is happening so we can prevent it moving forwards.
Finally came Immersive Labs’ Live Hack, which demonstrated just how easy it can be for hackers to infiltrate computers and data, with a focus on stopping blaming the users who get compromised!
If you want to be a part of future CyNam events, CyNam 20.2 will be on June 3rd and focus on the Changing Face of Cyber. Sign up to the newsletter for regular updates.