Positive Security: Inspiring Behavioral Change at WorkplaceLisa Plaggemier of NCSA and Oz Alashe of CybSafe on influencing behavior
To mark Cybersecurity Awareness Month 2021 this October, the National Cyber Security Alliance and U.K. based behavioral science and data analytics company, CybSafe have released their Annual Cybersecurity Attitudes and Behaviors Report 2021 which uncovers key trends, behaviors and habits among U.S. and U.K. tech users.
Oz Alashe, CEO and founder of CybSafe, states that security awareness training does not lead to behavior change. "Sometimes we think if we could just get people to do more security awareness training, everything would be better, but that's not necessarily the case," he says.
Lisa Plaggemier, interim CSO of NCSA, recommends security leaders avoid using fear to bring about behavioral change. "There's a lot to be said for trying to be more optimistic…We should be talking to people about how much peace of mind they'll have and how they'll worry less if they do things like use a password manager."
In a video interview with Information Security Media Group, Plaggemier and Alashe discuss:
- Key trends and highlights from The Annual Cybersecurity Attitudes and Behaviors Report 2021;
- Why current cybersecurity awareness training and education practices aren't working;
- Advice on inspiring behavioral change and reducing people-related cyber security incidents.
Plaggemier is interim executive director at the National Cyber Security Alliance. She is a trailblazer in security awareness and education, and is a prominent security influencer with a proven track record of engaging and empowering businesses and their employees to protect themselves and their data. She has held executive roles with the Ford Motor Company, CDK Global, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS.
Alashe MBE is CEO and founder at CybSafe, a behavioral science and data analytics company that builds software to better manage human risk. He has extensive experience and understanding in the areas of intelligence insight, complex human networks, and human cyber risk & resilience.