The greatest threat facing organisations today is that people are simply too busy. They’re too busy to patch, to learn complicated online security hoop-jumping, to enable multi-factor authentication, to set up a password manager…and getting them to focus their attention on doing all of these can be difficult.
So says Suelette Dreyfus, academic specialist, School of Computing and Information Systems at the University of Melbourne, who will be presenting on ‘How to fix the humans: Cyber security and human factors’ at the ITWeb Security Summit 2020, to be held as a virtual event from 25 to 28 August.
According to her, human factors in cyber security have emerged as an important issue because humans remain the cause of many breaches, simply through a lack of understanding.
“Humans do work-arounds when security gets in the way of them doing their jobs or enjoying their lives,” Dreyfus adds. “Cyber security is sometimes about saying: ‘No! You can’t do that', rather than helping humans do what they actually need to do more safely.”
She says helping people do things more securely online can be more nuanced and time-consuming, but it’s also more likely to get them to do the right thing.
Speaking of how she sees the threat landscape evolving over the next five years, Dreyfus says the more we move people’s lives online, the bigger the attack surface of the population in a cyber security sense.
“That means security needs to be designed into products from the very beginning, and it needs to be easy to use, in fact, it needs to be effortless.”
Offering a piece of advice to organisations, she said she would advise them to wrap security around human processes, making them seamless and easy to use for the end-user. “That is how you get successful uptake. If you have to break all the human processes to insert cyber security, you’re going to get resistance and poor productivity.”