The traditional approach to mitigating human risk in the security industry is ineffective. Instead, techniques such as personal relevance, social proof, leveraging intrinsic motivation, and tight-feedback loops are key factors to reduce human risk.
- Human risk is one of the largest unsolved problems in security, with human errors being the top reason for successful breaches.
- Traditional one-size-fits-all annual security training is ineffective in changing behaviors.
- Techniques such as personal relevance, social proof, leveraging intrinsic motivation, and tight-feedback loops are key factors to reduce human risk.
- Motivation needs to be applied in addition to training to get employees to want to take the training and adjust their knowledge levels.
- Elevate Security is a leading human risk management platform constantly keeping on top of the latest research in the space.
The speaker noticed that often employees are made to do security, but she was obsessed with the question of what it would look like if employees wanted to do security instead of having to. She explored concepts outside of security like behavioral science and positive psychology to create more robust defenses as it relates to the human element.