The human factor in cybersecurity is frequently assessed by means of awareness campaigns. Although awareness is one ingredient for behavioural change, efforts to increase awareness have had limited effect on actual cybersecure behaviour. This is due to the fact; knowing what you should do is not the same as actually doing it. So, in order to achieve a more cybersecure environment, one should focus on behaviour as end goal. Our team of psychologists investigated the reasons why desired cybersecure behaviours are not performed yet. The results show that besides awareness, or rather ability, two other factors determine whether behaviour takes place or not: motivation and opportunity. By applying these insights we go beyond awareness and contribute to actual more secure behaviour.
Details
time: 12:20
speakers: Inge Wetzer
Other sessions:
Digital Service Providers and the NIS-Directive
The Italian Cyber Security Landscape: Building a Resilient Nation
Cryptography in Practice
Pragmatic Security in the DevOps World
Cyber Supervision in the Netherlands
Trawling for Phishing: the Development of Phishing Detection