Here’s the thing. Your cybersecurity goals are very noble. You know the risks you want to avoid, and that’s great.
Except it could all count for nothing.
If you’re a security awareness professional, don’t quit your job just yet. We want to get you on your way to making real change.
We’ll tell you a little about how to do that now. But if you want some real insight, register for our free webinar, ‘How to use SebDB to reduce your human risk’.
Here’s where human risk management is going so very wrong
1. You think training is the answer
Your people attend regular security awareness training. They pass the tests at the end, every time. But having people tick some boxes won’t dial down your human risk. Never has, never will.
Awareness is good to have, sure, but it doesn’t change behavior. Yet organizations keep assigning more traditional security awareness training to their people. Yes, we’re puzzled too.
To put it plainly, traditional security awareness training is ineffective. It doesn’t influence security behaviors, and anyone telling you otherwise … is probably selling traditional security awareness training.
2. Your focus is too broad
You have your goals and you’re very proud of them. Things like “reduce malware infections”.
But the problem is, that’s only the outcome. That’s not how you get there. To make a real difference, you have to get strategic. You have to set specific goals.
And no, we’re not saying burn your goals down and run off into the woods.
But if you’re not looking at the security behaviors linked to your risks, then you’re not getting specific enough.
3. You’re not using SebDB
Speaking of security behaviors …
We know mapping security behaviors to risk-related outcomes isn’t exactly straightforward. That’s why we built SebDB.
And what’s SebDB, you ask? Only the world’s most comprehensive security behaviors database. No biggie.
Oh, and it’s free.
Academics and industry experts teamed up to create this database that maps over 70 specific security behaviors linked to security risks.
And it exists to help people just like you identify security behaviors and figure out exactly which ones your organization needs to prioritize.
The industry’s been stuck on ineffective approaches to human cyber risk for far too long. But we’re changing that. You want to start reducing your human risk. And we want to show you where to start.