Whether due to limitations of budget or time, or just doing things the way they’ve always been done, some of the standard ways of addressing cyber risk (i.e. training simulations, mandatory lunch and learns, or boring slide decks) aren’t the best at actually driving behavior change.
In the 2022 Verizon Data Breach & Investigations Report, they found that 82% of breaches were originated by human activities. This report rings true across all industries. So if you knew who your riskiest populations were, and could change their behaviors, imagine what that 82% might drop to.
At the core of Human Risk Management is the goal of creating true behavior changes across the organization, not just cleaning up after an incident. However, you can’t change things you don’t see, and aren’t even aware of.
If we followed conventional Security Awareness & Training industry wisdom in other areas of life, we’d see a broken glass in the kitchen and hurry to clean it up, which makes sense. But then, when another one breaks, will the clean up approach work to prevent a break from happening again?
Maybe you decide to send everybody who lives in your house to a 30-minute training session, a few times a year, about why glasses break when they hit the ground. Will that actually change what’s happening? How would you know why the glasses keep breaking if you don’t have the data you need: who is breaking them, why is it happening, and what those specific people need to know to change their behaviors.
As Jinan Budge, VP and Principal Analyst at Forrester puts it in a recent blog post, when it comes to security awareness and training, “behavior and culture change have moved beyond being performative to fostering real action.”
In her post on the Forrester blog, Jinan Budge states that there are four “distinct, unexpected, and crucial functionality segments” that security awareness and training vendors can employ to keep up with and hopefully stay ahead of this ever-changing threat landscape. These include key principles that Living Security believes in, principles that can help your team quantify human risk, engage your workforce, and measure behavioral changes, which we believe will help drive Human Risk Management to be the new gold standard for the security training industry.
A Data-Driven Approach to Behavior Change
It’s data that drives change, because it’s data that creates awareness. Simply knowing that glasses keep getting broken isn’t enough. You need to harness the power of the data your organization is already generating so that you can identify the areas where additional training and support is needed. Once you know it, once you see it, you can do something about it.
What role do your team’s behaviors online have on impacting the cyber risk of your organization as a whole? For real and disruptive change in security culture to take place, it's vital to acknowledge that human risk is much more complex than just who passed or failed a phishing test. When was the last time your users updated their password? Are they using a password manager? How many devices are they using to login to access company files, and are they using a secure VPN when not in the office?
Content-Driven and Experience-Driven Solutions by Segment
The core of Human Risk Management is in the human element, and we believe that means training can spark curiosity, awaken playfulness, and actually (brace yourselves) be fun. Through virtual escape rooms, games, and training sessions that aren’t outdated powerpoint presentations from 1997, you can not only empower your employees, but get them excited to learn more, do more, and be more.
Plus, by identifying the employees or departments that present the most cyber risk to your organization, you can give them specifically tailored action plans, including training specifically focused on the areas that are most detrimental to their risk scores. By using a Human Risk Management approach to quantifying your organization’s human risk and working directly with the groups that present the most risk with relevant & engaging cybersecurity training, your entire workforce can then become security experts. ool. You can see examples of this type of engaging training, which has proven to lead to a 16X increase in employee engagement, on our content page.
A One-Stop-Shop that Unifies Data
Living Security Unify Insights brings it all together. The industry is changing, and companies have the unprecedented opportunity to work with their data to develop responses ahead of incidents, using data that they already have on hand. Unify Insights provides one place and one dashboard which makes it easy to create actions to address your highest risk segments and behaviors. With this knowledge, security leaders can tailor programs for specific groups and up-level their security awareness and improve their risk profile, empowering you to transform your workforce into your strongest security asset, directly mitigating cyber attacks.
Human Risk Management is poised to disrupt this field in a big way. Don’t get left behind, and don’t waste your time and your money with after-the-fact stopgaps that just don’t fit. After all, I think we’d all appreciate a bit less broken glass all over the place. Clean it up, make it safe, and get smarter, with Living Security Unify Insights.