The human factor in cybersecurity is frequently assessed by means of awareness campaigns. Although awareness is one ingredient for behavioural change, efforts to increase awareness have had limited effect on actual cybersecure behaviour. This is due to the fact; knowing what you should do is not the same as actually doing it. So, in order to achieve a more cybersecure environment, one should focus on behaviour as end goal. Our team of psychologists investigated the reasons why desired cybersecure behaviours are not performed yet. The results show that besides awareness, or rather ability, two other factors determine whether behaviour takes place or not: motivation and opportunity. By applying these insights we go beyond awareness and contribute to actual more secure behaviour.
Details
time: 12:20
speakers: Inge Wetzer
Other sessions:
Pragmatic Security in the DevOps World
You Should Get Some (Cyber) Exercise!
Trawling for Phishing: the Development of Phishing Detection
Hack_Right; How to Keep Hackers on the Right Track
Deviant Security: the Technical Computer Security Practices of Cyber Criminals