Select Page

We need to stop referring to humans as security “assets”

CYBSAFE-SebDB Webinar-preblog-221011MS-36

17 October 2022

We were wrong. Humans are NOT “security assets”.

Myles quote webinar

First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent.

Then they became the “strongest asset” because the industry realized that technological security is not enough. And that the problem was with the training, not the people.

Now, we’re telling you that they’re neither of those things.

Sorry.

To be clear, we’re not saying that people are the weakest link. Or that people aren’t an asset. We’re just saying that both of those terms are … problematic. We take issue with the former for obvious reasons. But we have a new argument against the latter.

We’ll do our best to summarize. But it was best explained during our webinar, ‘Security awareness is dead (or dying)’ by Tide’s Security Culture & Awareness Analyst, Shaketa Welch.

If you missed it, don’t sweat it, you can watch it on demand here, for free!

Alright, so here it goes…

People are just people

Nothing more. Nothing less. Referring to people as “assets” may seem like a compliment, but it’s actually a little dehumanizing.

And, according to Shaketa, it’s not surprising that the security industry doesn’t see the problem, because there’s generally a lack of “human-to-human touch”. In other words, it’s been the norm to treat people like another cog in the machine, and not like … wait for it … people.

It’s the reason security professionals use complicated language, fearmonger, generally say things that put people off, and assign the kind of security awareness training that makes people want to call in sick.

Ceri Jones quote tech webinar

So, this is what it comes down to: security professionals just aren’t doing enough to reach people. But most won’t admit it. Instead, they say things like “people just don’t care about security”. And that may be true. But there’s more to it than that.

If people weren’t receptive to security messaging, they wouldn’t lock their cars or hide their pin codes at the ATM. The right messaging is the messaging that changes behavior and gets people to take action. 

Unfortunately, most professionals don’t have the confidence to push boundaries and go against the grain. But the tide is changing. Traditional security awareness is dying, and giving way to solutions that actually put humans (and human behavior) first.

Want to know more about the death of security awareness, and how you can move on? Watch our free security awareness webinar

tech webinar watch on demand
Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like

Maximizing security awareness engagement: How the pros do it

Maximizing security awareness engagement: How the pros do it

Ditch mandatory training, starting riiiight…now!Want to boost security awareness? Talk about something else entirelyGet serious about funThe top mic-drop insights from our Cybersecurity Awareness Month engagement webinar We know people whose organizations make a big deal of CAM are much more...