Subscribe
About

Busy humans pose cyber risk

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 17 Aug 2020
Suelette Dreyfus
Suelette Dreyfus

The greatest threat facing organisations today is that people are simply too busy. They’re too busy to patch, to learn complicated online security hoop-jumping, to enable multi-factor authentication, to set up a password manager…and getting them to focus their attention on doing all of these can be difficult.

So says Suelette Dreyfus, academic specialist, School of Computing and Information Systems at the University of Melbourne, who will be presenting on ‘How to fix the humans: Cyber security and human factors’ at the ITWeb Security Summit 2020, to be held as a virtual event from 25 to 28 August.

ITWeb Security Summit 2020

Register now for the ITWeb Security Summit 2020 virtual event, and experience four days of international keynotes, sessions and workshops all for one price. The event will feature over 50 speakers, with all content being made available on-demand online. To register, and for more information, please click here.

According to her, human factors in cyber security have emerged as an important issue because humans remain the cause of many breaches, simply through a lack of understanding.

“Humans do work-arounds when security gets in the way of them doing their jobs or enjoying their lives,” Dreyfus adds. “Cyber security is sometimes about saying: ‘No! You can’t do that', rather than helping humans do what they actually need to do more safely.”

She says helping people do things more securely online can be more nuanced and time-consuming, but it’s also more likely to get them to do the right thing.

Speaking of how she sees the threat landscape evolving over the next five years, Dreyfus says the more we move people’s lives online, the bigger the attack surface of the population in a cyber security sense.

“That means security needs to be designed into products from the very beginning, and it needs to be easy to use, in fact, it needs to be effortless.”

Offering a piece of advice to organisations, she said she would advise them to wrap security around human processes, making them seamless and easy to use for the end-user. “That is how you get successful uptake. If you have to break all the human processes to insert cyber security, you’re going to get resistance and poor productivity.”

Share