InfoconDB

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 2:30 p.m. (40 minutes)

The security industry's traditional approach to mitigating human risk is predicated on the assumption that individuals will make the right security decisions if they have enough training and fear of the consequences. Years of security research indicates otherwise. This briefing will share key insights from nearly a dozen security training research studies and analysis of several dozen security behavioral change campaigns to more than 65,000 employees across industries. We will show why traditional training approaches are ineffective in changing behaviors. Instead, our findings highlight techniques such as personal relevance, social proof, leveraging intrinsic motivation, and tight-feedback loops are key factors to reduce human risk. This talk will explain why these behavioral change techniques are found to be most effective. We will then share concrete examples of how security teams can leverage these techniques to effectively reduce human risks such as phishing, malware downloads, and sensitive data handling in their own organizations.

Presenters:

Masha Sedova - Co-Founder, Elevate Security
Masha Sedova is an award-winning people-security expert, speaker, and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security super-humans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners, and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Black Hat, RSA, ISSA, Enigma, and SANS.

Mind Games: Using Data to Solve for the Human Element

Presenters:

Links:

Similar Presentations: