Security awareness is dead. Long live borderless security awareness.

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

June 30, 2020

If we’re honest with ourselves, we’ve all known it for a long time. Posters. Compulsory e-learning. Seminars and desk-drops. They’re security awareness staples. And they’re now all, without question, ineffective. They’re designed to teach people about security. Just on our terms.

People have overdue deadlines. Expectant bosses. Kids to feed. So we run our campaigns. And people smile and nod. Meanwhile, cyber criminals laugh and joke. For a long time, we’ve needed an overhaul. 

It’s arrived.

Times have changed

Borderless security awareness is a radical change of thinking for a radically different world.

Consider COVID-19 for a second.

First, COVID-19 changed our tech. It changed the way we live, learn, shop and work. And by the way, the changes are permanent.

Now, old security awareness campaigns are absurd.

How many people are putting up their own security awareness posters at home?

How many people have security desk drops on their kitchen tables?

Good luck holding people’s attention in a virtual seminar. Or getting people on board by attacking them in their own home.

Compulsory e-learning?

Maybe. With seven other tabs open and the TV on in the background.

 

Enter borderless security awareness

Borderless security awareness is the only reasonable reaction to the permanently altered world.

It’s not just about securing remote people.

COVID-19 torched some time-honoured borders.

The physical separation between homes and offices. The assumed protection of in-situ office networks. The hope-filled comfort blanket of extensive security policies.

The border between personal and professional lives. And the border curtailing our expectations.

All are gone. And we need to adapt.

Borderless security awareness is our next move.

Borderless security awareness is about ditching a delusional blueprint.

It’s about downgrading enforced e-learning. 

It’s about stepping beyond fake phishing.

Borderless security awareness is about supporting and assisting people at the right time and wherever they are.

It’s security awareness. For a world without borders.

 

The principles of borderless

At the heart of borderless thinking are six core principles:

  • Engage with people at the right time and in the right place. We must help people when they need help – not on our own arbitrary schedule.
  • Treat people like adults. We must build security into people’s lives in a people-centric way.
  • Go beyond training and education. Training and education alone do not work. People need support and assistance too.
  • Focus on security behaviours. What people do matters more than what people know.
  • Focus on resilience rather than absolute security. Security isn’t binary. We must watch and adjust our resilience as desired.
  • Measure. Use data and metrics to determine impact. Only then can you manage and reduce your cyber risk.

Borderless security awareness is an approach. It’s a mindset. 

It guides how you view and address human cyber risk as it relates to security awareness, behaviour and culture.

 

Borderless security awareness examples

CybSafe’s Assist helps people on demand, no matter where they are.

Let’s say they click a suspicious link.

Assist guides them. It tells them what to do next. It’s welcome advice that suffocates resulting cyber risk.

CybSafe’s Protect is another example.

With Protect, people get interactive “checklists” that help them build their security armour. Think fitness apps, or digital games. 

People set security goals, like securing their smartphone. Or security professionals set the goals for them. People work towards the goal in their own time, building their resilience as they go.

The above have almost nothing to do with the existing security awareness blueprint.

No posters; no desk-drops; no tick-box e-learning.

And they work. We have the data and metrics to prove it.

 

Changing security roles

COVID-19 has changed the world. In doing so, it’s changed the security awareness blueprint. 

It’s also changed the role of security professionals.

We’re still here to manage cyber risk. But how that’s done has changed. 

We need a new approach to security awareness. The new approach needs to be tailor-made for today’s world. And that means it needs to be borderless.

Traditional security awareness is dead.

Long live borderless security awareness.
