Nuno Campos

Security Awareness and Hacking the Brain

No organization is immune to data breaches, as evidenced by the recent string of high-profile incidents. While the causes of these breaches vary, they all have one thing in common: sensitive data was put at risk.

Data breaches can have a devastating impact on both the organizations involved and the individuals whose data was compromised. In addition to the obvious financial costs, data breaches can also lead to loss of customer trust, reputational damage, and legal liability.

Let’s face it: by now, we've all heard that users are the weakest link in an organization's security structure. This is because they are the ones who are most likely to fall for phishing scams, click on malicious links, and open attachments from unknown senders. While organizations can put up barriers to prevent these things from happening, ultimately it is up to users to be vigilant and exercise caution when it comes to online activity.

One of the best ways to combat these threats is through user awareness and education. Organizations should make sure that their users know how to spot a phishing email, what to do if they receive one, and how to avoid clicking on malicious links. Additionally, regular security training can help users stay up-to-date on the latest threats and how to protect themselves.

But the common user training and awareness programs being practiced for the last few years are not particularly effective. We need to understand that very few people are going to read those security policies or IT memos about security problems.

So how can organizations improve their users’ training to give them the required awareness and knowledge to be as safe as possible?

Hack people’s brains

One of the most insidious forms of attack is social engineering, where an attacker uses deception and manipulation to trick victims into divulging sensitive information or performing actions that compromise security. Attackers will often do their homework, studying their victims and tailoring their attacks to seem like a legitimate request.

So, if we apply the same social engineering principles to security and awareness training, we could say that “hacking the brain” of the users could be a way to make them more aware of this problem.

But what does “hack the brain” mean?

It means understanding how people like to learn and what drives them. For example, for young people, one way to engage them in these security awareness programs could be to “gamify” the training sessions.

Continuous and adaptive programs that provide knowledge and experience are more likely to be successful. When someone is caught in a phishing attack test, for example, using that very email to explain what precautions they should take in the future will surely make them more focused on security concerns from that day on.

Protecting users is critical to an effective defense, but each organization and group of people is unique. So it is mandatory to invest in finding the most efficient strategy for each one.

We realize that there are many things we can take from the behavioral sciences and psychology that have been available for many years and that we already know to truly help people in a positive way to develop their defensive skills. — Niklas Hellemann, CEO of SoSafe, a next-gen Security Awareness Platform startup
