Speakers
Synopsis
Context:
Through the numerous engagements that I've had with clients, the measure of success was click rate and, in slightly more mature organisations, reporting rate.
For SMEs and NGOs, their maturity is even lower, as they are constrained by resources and often find themselves doing the bare minimum: whatever checks off the compliance list and supposedly helps them stay safe from data breaches.
The truth of it is, conducting a security awareness training program with the intention of fulfilling compliance requirements WILL NOT decrease the risk.
A healthcare client in China who conducts monthly phishing simulations still went on to have a breach, and when asked why he fell for the QR code phishing, the staff member shared that he couldn't recall the learning from the phishing simulation in the moment.
He is just one example among many who have failed to "Stop, Look, Think and Validate", as this mode of operation is not the norm for everyone.
Therefore, my presentation aims to help SMEs and NGOs understand the true intent of why we are conducting a Security Awareness Training Program (Security Culture) - it's to build Cyber Safe Habits!
And we all know that building a new habit means unlearning old ways and reprogramming ourselves, which is extremely difficult. Otherwise, we would all be eating well and have a regular exercise regime, and insurance premiums wouldn't be that expensive.
In my presentation, I will cover the following:
1. Why making smarter decisions is so difficult in general and not just smarter security decisions.
- An average adult makes 35,000 decisions daily!
- We are in autopilot mode 95% of the time (Thinking, Fast and Slow - 2 systems of thinking)
- Framing the audience with a card trick so that they experience how, despite being smart individuals, we can still fall for it.
2. Understanding the 3 frameworks to help nurture Cyber Safe Behaviors
- BJ Fogg's Behaviour Model: To get the results we want, the right level of Motivation + Ability is required to address the Prompt (Social Engineering instance).
- The Forgetting Curve: Understanding adult learning, where microlearning is key to combating the exponential "forgetfulness", as we learnt from the healthcare client: even monthly phishing is not enough.
- Charles Duhigg's Habit Loop: This supplements BJ Fogg's behaviour model regarding motivation, and the emphasis here is "positive stimulus" as a reward to encourage the craving that powers the habit loop.
3. Selling it to the Management: Tools and Whitepapers to get the audience started
- For SMEs and NGOs, reputational damage alone can be irreversible and cause them to cease operations altogether, as they wouldn't have the resources that bigger firms do
- Introducing tools leveraging GenAI to help them reduce workload and build on those habit loops
- Security Culture Cycle of Improvement White Paper: a framework detailing the importance of defining 1 to 3 key behaviors to change and their impact, getting exec and user buy-in, measuring progress, refining and repeating.