It appears we humans aren’t helping enough with cyber security.
In fact, we are our own worst enemies: the 2020 Verizon Data Breach Investigations Report (DBIR) found that 67% of breaches come from credential theft, errors and social attacks.
Verizon Media’s information security team, who call themselves The Paranoids, felt traditional security awareness training wasn’t cutting the mustard. It didn’t mimic real life or parallel the behaviours that led to breaches, nor did it measure employees against real attacks.
They turned to Huang and Pearlson’s cyber security culture model, which holds that the right behaviour is driven by values, attitudes and beliefs visible at the leadership, group and individual levels. By influencing how employees prioritise and practise cyber security, managers can create the right culture.
And it worked. Over two years they:
- Tripled the adoption of password management software.
- Halved phishing susceptibility.
- Doubled accurate phishing reports.
Success is based on three steps:
- Identify a specific action that stops attacks.
- Measure it against a baseline.
- Test managerial mechanisms to improve the numbers; in other words, continuous improvement.
You can find Huang and Pearlson’s academic paper here and a case study on Verizon Media here.
The image is taken from the cover of the DBIR