Select Page

We need to stop referring to humans as security “assets”

CYBSAFE-SebDB Webinar-preblog-221011MS-36

17 October 2022

We were wrong. Humans are NOT “security assets”.

Myles quote webinar

First, the industry referred to people as the “weakest link” in cybersecurity. Because you know how those pesky things click on every link they’re sent.

Then they became the “strongest asset” because the industry realized that technological security is not enough. And that the problem was with the training, not the people.

Now, we’re telling you that they’re neither of those things.

Sorry.

To be clear, we’re not saying that people are the weakest link. Or that people aren’t an asset. We’re just saying that both of those terms are … problematic. We take issue with the former for obvious reasons. But we have a new argument against the latter.

We’ll do our best to summarize. But it was best explained during our webinar, ‘Security awareness is dead (or dying)’ by Tide’s Security Culture & Awareness Analyst, Shaketa Welch.

If you missed it, don’t sweat it, you can watch it on demand here, for free!

Alright, so here it goes…

People are just people

Nothing more. Nothing less. Referring to people as “assets” may seem like a compliment, but it’s actually a little dehumanizing.

And, according to Shaketa, it’s not surprising that the security industry doesn’t see the problem, because there’s generally a lack of “human-to-human touch”. In other words, it’s been the norm to treat people like another cog in the machine, and not like … wait for it … people.

It’s the reason security professionals use complicated language, fearmonger, generally say things that put people off, and assign the kind of security awareness training that makes people want to call in sick.

Ceri Jones quote tech webinar

So, this is what it comes down to: security professionals just aren’t doing enough to reach people. But most won’t admit it. Instead, they say things like “people just don’t care about security”. And that may be true. But there’s more to it than that.

If people weren’t receptive to security messaging, they wouldn’t lock their cars or hide their pin codes at the ATM. The right messaging is the messaging that changes behavior and gets people to take action. 

Unfortunately, most professionals don’t have the confidence to push boundaries and go against the grain. But the tide is changing. Traditional security awareness is dying, and giving way to solutions that actually put humans (and human behavior) first.

Want to know more about the death of security awareness, and how you can move on? Watch our free security awareness webinar

tech webinar watch on demand
Behave Hub newsletter CybSafe

Do one more thing right today. Subscribe to the Behave newsletter

You may also like

How to unlock CAM’s huge potential for behavior change

How to unlock CAM’s huge potential for behavior change

Cybersecurity Awareness Month is here. It’s the once-in-a-year opportunity where the spotlight shines bright on security. I wanted to take the opportunity to highlight some of the things CybSafe are doing to support organizations with their CAM initiatives, and call out the great work done by the...