According to this post, it’s important to take an innovative approach when it comes to cyber security as conventional means (such as posters or one-time awareness training) do not change behavior. Further, the post suggests risk-mitigating behaviors must become automatic so they are not forgotten when people are absorbed in their roles.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...