Expressworks Perspective on Human Behavior and Cyber Security
•Télécharger en tant que PPTX, PDF•
2 j'aime•1,163 vues
Want to understand how we incorporate behavior science and cyber security? Download the presentation we gave to the Center for Medicare and Medicaid Services’ Security Control Oversight & Update Training (CSCOUT) conference in August, 2015.
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (20)
Similaire à Expressworks Perspective on Human Behavior and Cyber Security
Similaire à Expressworks Perspective on Human Behavior and Cyber Security (20)
Dernier
Dernier (20)
Expressworks Perspective on Human Behavior and Cyber Security
- 1. © EXPRESSWORKS Cyber security and Human Behaviors Presenters: Hend Ezzeddine Catherine Zaruba Center for Medicare and Medicaid Services’ Security Control Oversight & Update Training (CSCOUT) conference
- 2. Only amateurs attack machines; professionals target people. Bruce Schneier
- 3. Agenda © EXPRESSWORKS Why human error should be a major concern? How to integrate behavioral change to reduce human error? How to apply behavioral change to reinforce cyber resilience?
- 4. 4 With more connectivity comes more risks… Human error is a major concern © EXPRESSWORKS *Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2015 A comprehensive identity-theft kit containing a health insurance record can be worth as much as $1,000 Incidents among healthcare payers and providers soared 60% over 2013,..an increase that was almost double that reported by all industries. Investment in information security increased 66% over 2013
- 5. 5 Technology is not enough… Human error is a major concern 88% Spear phishing 70% Biggest cyber security threat in healthcare 40% Root cause of the healthcare organizations’ data breach © EXPRESSWORKS Cause of security incidents In healthcare Employee negligence Unintentional employee action *Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2015
- 6. 6 Most organizations adopt a fragmented response to cyber threats Human error is a major concern © EXPRESSWORKS Use mobile devices to exchange data and provide servicesHealthcare provider The patient Access complete medical records online Healthcare payer Lower cost and speed payments Security professional Protect sensitive data
- 7. Agenda © EXPRESSWORKS Why human error should be a major concern? How to integrate behavioral change to reduce human error? How to apply behavioral change to reinforce cyber resilience?
- 8. 8 Are you satisfied with every performance aspect of your cyber security effort? Integrating Behavioral change to reduce human error © EXPRESSWORKS Minimizing human errors calls for a multi-disciplinary approach to cyber security and behavioral change is one of them. How to reduce human errors?
- 9. Agenda © EXPRESSWORKS Why human error should be a major concern? How to integrate behavioral change to reduce human error? How to apply behavioral change to reinforce cyber resilience?
- 10. 10 Security related-behaviors are usually a response to visual or informational triggers Applying behavioral change to reinforce cyber resilience © EXPRESSWORKS Train the users to avoid cyber threats Design of Security Technology Reinforce security compliance What human behaviors need to be reinforced?
- 11. 11 Apply Human Performance engineering to your design Applying behavioral change to reinforce cyber resilience © EXPRESSWORKS Active warning Require the user to deliberately decide accessing a web site or downloading an attachment Passive warning Provide the user with a warning message and the option to learn more and/or disregard the warning
- 12. 12 Use perceptual learning to effectively train users Applying behavioral change to reinforce cyber resilience © EXPRESSWORKS Spear phishing training Pay close attention to the email address Is the message personally addressed to you? Is there an immediate action required from you? . Is there a link or an attachment? Train specific visual skills that require split-second decisions.
- 13. 13 Use “operational security” techniques to keep your staff alert Applying behavioral change to reinforce cyber resilience © EXPRESSWORKS Train them to recognize pretexting or social enginnering incidents Test them frequently to help them practice in real-time and gain consistency Once they have succeeded a few times, they will spread the word
- 14. 14 Maintain compliance by promoting the right behavior Applying behavioral change to reinforce cyber resilience © EXPRESSWORKS This email is to notify you that it is time to change your password. Click here to change your password. Complying with our security compliance will allow you to maintain your access and keep your data safe. Please do your part in maintaining that. Did you know… 85% of our customers comply with our password change policy. Please do your part in maintaining this high performance compliance. Social Proof - the evidence of the crowd. People’s behavior is largely shaped by the behaviors of others around them. Prospect Theory- By framing an action as a gain rather than a loss makes people more likely to take it. Email notification to change your password
- 15. 15 Integrating behavioral change is key to reinforcing cyber resilience Today’s key learning © EXPRESSWORKS I have diversified work assignments and access to the right training. I understand our cybersecurity solution and how to measure its effectiveness. I own cybersecurity for myself and my organization I feel empowered to make the right decisions and can access the C- suite/board as needed
- 16. 16 Doing without doing… Closing Comments © EXPRESSWORKS Once people adopt the right behaviors, complying with cyber security will become a second nature…Everyone in your organization will know what to do with minimum guidance. Leonard Bernstein Haydn Symphony No 88
- 17. 17 We are ready for your questions… Thank you for your attention © EXPRESSWORKS
Notes de l'éditeur
- People’s behaviors are currently a major source of cyber security threats.
- Source: 1. PwC, The Global State of Information Security Survey, 2015 2. Dell SecureWorks, Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier, July 15, 2013 3. PwC, The Global State of Information Security Survey, 2015
- A closer look at the nature of cyber security incidents pinpoints that relying on technology is not enough. Most of incidents are not caused by a technological failure, but human errors that could have been prevented through a more holistic approach.
- Technology-centric and compliance-driven cybersecurity initiatives deepen the gap between the need to protect company assets and the reliance on connectivity to thrive as a business. This gap is what drives the wrong human behavior and increase human errors, putting the entire organization at risk. When the solutions include the people side, cybersecurity becomes everyone’s responsibility.
- Software and Hardware performance is what most companies focus on Human performance relates to adopting the right culture, expressed through safe behaviors Process Performance relates to the operating model of your cyber security approach Leadership performance relates to the commitment and support provided by the C-suite and the board
- Focusing on human behavior when designing cyber security technologies, training users on cyber threats and reinforcing compliance is widely recognized as a key element of success. When users are given the tools to recognize cyber threats, they are able to behave in the right way.
- Consider which type of security warnings will be most effective in triggering the right behaviors. For example, active warnings will require the user to deliberately decide accessing a web site or downloading an attachment.
- Perceptual learning in humans occurs when a person is repeatedly exposed to specific stimuli (information). Perceptual learning involves long lasting and amazing changes to the human perceptual system that incredibly improve one’s ability to respond to the environment.
- When training your users or your business partners, use scenario based training that puts individuals under the test. By training them frequently, you will use the effect of “being watched” to your advantage: users are more alert and want to pass the test every single time.
- When behavioral science is applied to your communication, you will be able to maximize the effectiveness of your message
- Video: Leonard conducting w/o moving a figure because everyone already knows what to do… (from TEDTalk on leadership – he’s there and moving his head, but it’s not very intense. Make sure you link back with the very first slide as we opened up the presentation with one of his quotes ***If you’re on a Mac*** Watch from 2:22s to 3:32s : https://www.youtube.com/watch?v=oU0Ubs2KYUI
- Video: Leonard conducting w/o moving a figure because everyone already knows what to do… (from TEDTalk on leadership – he’s there and moving his head, but it’s not very intense. Make sure you link back with the very first slide as we opened up the presentation with one of his quotes ***If you’re on a Mac*** Watch from 2:22s to 3:32s : https://www.youtube.com/watch?v=oU0Ubs2KYUI