The definition of the human aspect of cybersecurity is changing. Here’s what it means in a traditional sense, as well as what it will mean in the future.
As today’s CISOs will know, cybersecurity strategies are typically sub-divided into sections on technology, processes and the human aspect of cybersecurity.
Definitions of both technology and processes are relatively uniform. The human aspect, however, is unique.
Unlike its counterparts, the human aspect of cybersecurity can actually mean different things to different people.
The traditional definition
To some – maybe even most – the human aspect of cybersecurity refers to the risks posed to an organization when people, affiliated with that organization, interact with technology. Most of the time, the people in question will be employees – but they could also be suppliers, or any other third party with legitimate access to an organization’s network.
The definition conjures up images of malicious actors, but the human aspect of cybersecurity, of course, refers to both malicious actors and the well-meaning people who could unintentionally cause issues.
The human aspect: an example
The case of Evaldas Rimasauskas, in which Rimasauskas reportedly stole more than $100m from companies including Facebook and Google, is a well-cited example.
According to reports, Rimasauskas stole the money not through malicious software or by conspiring with insiders, but through an elaborate scam that eventually convinced well-meaning people to send the funds his way.
The problem with the traditional definition
Tales such as the above lead to some understandable – but questionable – security terminology.
For example, they cause some security professionals to refer to well-meaning people as a “weakness” and a security “threat”. And thus, when some talk of the human aspect of cybersecurity, they focus only on mitigating risks.
On closer inspection, though, the traditional definition is odd. The definition seems to suggest that, somehow, an organization’s own people are conspiring to take down their employer from the inside out.
Setting aside a small minority of deliberately malicious actors, that’s not quite accurate. After all, an organization’s own people surely prevent more attacks than they cause.
Every time someone ignores a phishing email, for example, they keep a network secure. Every time someone locks their computer screen before heading out to lunch, they prevent potential unauthorised access.
Every time someone uses multi-factor authentication, or swerves a website following a security warning, or updates software to patch vulnerabilities, they keep their networks secure.
And so, in more and more circles, the human aspect of cybersecurity is beginning to take on a new meaning.
A different meaning
Given people’s unique ability to actively prevent attacks, more and more security professionals are beginning to see people not as a weakness but as a defence. That changes what we really mean by the human aspect of cybersecurity.
Traditionally, the human aspect of cybersecurity referred solely to the risks posed by people. Increasingly, it refers not just to the risks posed by people but also to the additional defences security-conscious people can implement.
The evolving landscape of cybersecurity demands a reevaluation of our understanding of the human aspect.
While it’s vital to remain vigilant against potential risks posed by individuals, we must also recognize the tremendous value that security-conscious people bring as defenders of our digital realms.
As we move forward, fostering a culture where employees are empowered to actively enhance security, rather than merely being seen as potential liabilities, will be crucial.
The human aspect of cybersecurity is no longer just about identifying weaknesses; it’s about harnessing the strengths of our human defenders to fortify our digital defenses, making our organizations more resilient in the face of evolving cyber threats.