The human factor in cybersecurity is frequently assessed by means of awareness campaigns. Although awareness is one ingredient for behavioural change, efforts to increase awareness have had limited effect on actual cybersecure behaviour. This is due to the fact; knowing what you should do is not the same as actually doing it. So, in order to achieve a more cybersecure environment, one should focus on behaviour as end goal. Our team of psychologists investigated the reasons why desired cybersecure behaviours are not performed yet. The results show that besides awareness, or rather ability, two other factors determine whether behaviour takes place or not: motivation and opportunity. By applying these insights we go beyond awareness and contribute to actual more secure behaviour.
Details
time: 12:20
speakers: Inge Wetzer
Other sessions:
The Five People You Meet in Cybercriminal Heaven
Hack_Right; How to Keep Hackers on the Right Track
Flashback with ATT&CK
How to Determine Reasonable Security?
Cyber Supervision in the Netherlands