Putting people at the heart: The importance of human-centered security
Every second, the world becomes a little more digitized and connected. And that means we open ourselves up to a little more risk every day.
Yet, when it comes to developing security policies, many organizations focus solely on technical aspects, such as firewalls, antivirus software, and encryption.
I’m not saying these measures aren’t important. Of course they are. But they’re not enough on their own. In fact, to neglect the human component of cybersecurity is, by definition, to accept risk. This report tells us as much.
This is where human-centered security comes in—though you may be more familiar with the term “people-centric security” or “human-centric security”. At its core, it’s a philosophy and approach recognizing the critical role people play in any security program.
It comes down to understanding the whole system—people, data, process, and technology. And acknowledging the complex, socio-technical nature of security.
But that’s why we invest in security awareness programs, isn’t it?
Yes. But what people do is much more important than what they know.
This means that, by and large, an organization’s security strength is determined by its security culture, and its people’s behaviors. Organizations that prioritize people in their security efforts can greatly reduce the cyber risk they face.
And it’s a win-win, because people who use better security behaviors and recognize the importance of their role in protecting their organization will also be more confident when engaging with technology. In an age where digital transformation and development are routine parts of day-to-day activities, this is a huge advantage.
What are the benefits of human-centered security?
Recognizing the importance of people in the security program is important, but it’s only the first step.
A human-centered security strategy fully commits to giving the “people” element the level of attention and resources it needs. This means security leadership and security teams take steps to influence people’s security behaviors, as well as their security knowledge.
The key is in designing security systems, tools, and processes that account for how real people actually work and live their lives, rather than how we’d like them to. People need to be listened to, respected, valued, and supported—as well as challenged.
By embracing human-centered security, organizations can also benefit from perks like:
Better security culture
That’s the shared values, attitudes, behaviors, and practices that determine how an organization approaches security. By placing people at the heart of their security programs, organizations can build a more positive security culture that nurtures good security behaviors.
More effective security awareness training
Equipping people with vital information is a critical part of any security program. But it’s worth nothing if it doesn’t resonate with people. Human-centered training is based on how people actually learn—which means people are more likely to remember and act on the information they’re given.
Greater resilience to insider risk
Insider risk, such as people intentionally or unintentionally leaking sensitive data, can be especially damaging to organizations. Human-centered security programs help to identify and thwart these threat actors—all by fostering a positive security culture and encouraging good security behaviors.
What are the main challenges of human-centered security?
Like many worthwhile things, implementing a human-centered security program isn’t without its challenges.
For one, it requires a significant cultural shift within the organization, as well as a willingness to invest in the “people” part of the security program. Then there’s the need for behavioral models and data-driven approaches to assess the effectiveness of the security program.
But the benefits of a human-centered security program far outweigh the challenges. Every. Single. Time.
So how can organizations move forward with human-centered security?
The threat landscape will never stop evolving, so organizations must adapt their security programs to keep pace. ‘Twas ever thus.
Adopting a human-centered security approach is such an adaptation.
In a world where emerging technologies and social media are transforming the way we live and work, it is more important than ever that organizations move to a human-centered approach to security.
The result is an enterprise security culture that not only works for the organization but also for its people.
What does that look like? An informed and proactive security-aware community that’s confident in its ability to recognize and react to potential threats, from targeted threats and credential phishing to insider risk—basically every flavor of potentially catastrophic cybersecurity incident.
By putting the person at the heart of the security equation, you can build your organization’s resilience to cyber threats and enhance data protection.
People-focused platforms are the future
A human-centered approach to security is essential for any organization that wants to reduce its cyber risk and protect its data.
By acknowledging the critical role that people play in the security equation and investing in their security awareness and behaviors, organizations can build a security culture that shows their commitment to security effectiveness and information security.
As Lance Hayden, author of People-Centric Security, notes: “The goal of security is not to make a system unbreakable. It is to create a system that can sustain attacks and recover from them.”