If we’re honest with ourselves, we’ve all known it for a long time. Posters. Compulsory e-learning. Seminars and desk-drops. They’re security awareness staples. And they’re now all, without question, ineffective. They’re designed to teach people about security. Just on our terms.
People have overdue deadlines. Expectant bosses. Kids to feed. So we run our campaigns. And people smile and nod. Meanwhile, cyber criminals laugh and joke. For a long time, we’ve needed an overhaul.
Times have changed
Borderless security awareness is a radical change of thinking for a radically different world.
Consider COVID-19 for a second.
Now, old security awareness campaigns are absurd.
How many people are putting up their own security awareness posters at home?
How many people have security desk drops on their kitchen tables?
Good luck holding people’s attention in a virtual seminar. Or getting people on board by attacking them in their own home.
Maybe. With seven other tabs open and the TV on in the background.
Enter borderless security awareness
Borderless security awareness is the only reasonable reaction to the permanently altered world.
It’s not just about securing remote people.
COVID-19 torched some time-honoured borders.
The physical separation between homes and offices. The assumed protection of in-situ office networks. The hope-filled comfort blanket of extensive security policies.
The border between personal and professional lives. And the border curtailing our expectations.
All are gone. And we need to adapt.
Borderless security awareness is our next move.
Borderless security awareness is about ditching a delusional blueprint.
It’s about downgrading enforced e-learning.
It’s about stepping beyond fake phishing.
Borderless security awareness is about supporting and assisting people at the right time and wherever they are.
It’s security awareness. For a world without borders.
The principles of borderless
At the heart of borderless thinking are six core principles:
- Engage with people at the right time and in the right place. We must help people when they need help – not on our own arbitrary schedule.
- Treat people like adults. We must build security into people’s lives in a people-centric way.
- Go beyond training and education. Training and education alone do not work. People need support and assistance too.
- Focus on security behaviours. What people do matters more than what people know.
- Focus on resilience rather than absolute security. Security isn’t binary. We must watch and adjust our resilience as desired.
- Measure. Use data and metrics to determine impact. Only then can you manage and reduce your cyber risk.
Borderless security awareness is an approach. It’s a mindset.
It guides how you view and address human cyber risk as it relates to security awareness, behaviour and culture.
Borderless security awareness examples
CybSafe’s Assist helps people on-demand, no matter where they are.
Let’s say they click a suspicious link.
Assist guides them. It tells them what to do next. It’s welcome advice that suffocates resulting cyber risk.
CybSafe’s Protect is another example.
With Protect, people get interactive “checklists” that help them build their security armour. Think fitness apps, or digital games.
People set security goals – like securing their smartphone. Or security professionals set goals for them. People work towards the goal in their own time, building their resilience as they go.
The above have almost nothing to do with the existing security awareness blueprint.
No posters; no desk-drops; no tick-box e-learning.
And they work. We have the data and metrics to prove it.
Changing security roles
COVID-19 has changed the world. In doing so, it’s changed the security awareness blueprint.
It’s also changed the role of security professionals.
We’re still here to manage cyber risk. But how that’s done has changed.
We need a new approach to security awareness. The new approach needs to be tailor-made for today’s world. And that means it needs to be borderless.
Traditional security awareness is dead.