As threat landscapes widen and digital transformations accelerate, the business impact and cost of cyber breaches continue to rise. Consequently, organizations that are cyber-mature have placed sharp focus on reducing their risks through technology and process improvements. However, over 80% of cybersecurity breaches involve humans, and you can’t simply deploy a technology firewall on your in-house and third-party employees.
As such, cybersecurity awareness training has emerged as an important tool in the battle against cybersecurity attacks. But beyond simply being unengaging, generic training preaches cookie-cutter risk-averse behavior that simply doesn’t align with how many people behave.
How to Educate Risk-Maker Employees
Presented with a mysterious big red button, some individuals are just going to press it. They have a spontaneous need to figure out what it does and confidence in their own decisions. An indomitable curiosity drives them to learn and understand even if it comes with elevated risks. “Curiosity killed the cat” is the common phrase, but this curiosity is also a big driver of innovation.
Generic cybersecurity training is unlikely to change these individuals’ behavior. They love taking charge and are willing to take risks, and a 10-minute video just isn’t going to change that. If this sounds like you, then you might be a Risk-Maker.
Cybersecurity professionals might see such individuals as a massive risk, but they can’t simply be given up on. Their creativity and talent, while perhaps a little wild, are far too valuable to ignore. Whereas traditional one-size-fits-all training might fail, education that considers existing behavior is effective in engaging the most risk-tolerant among us. From here, behavior can be tailored to make a Risk-Maker less risky for the organization.
Four Risk Profiles for Better Cybersecurity Training
Four core risk profiles have been covered in this series: Risk-Takers, Risk-Breakers, Risk-Shakers and Risk-Makers. In truth, each individual has their own unique profile – a composite of the four. Unique is the keyword. Each person has their own relationship with risk that requires a customized educational journey. You wouldn’t install software on an incompatible system, so why would you give employees incompatible training?
Understanding your risk profile is an important first step in developing your relationship with risk to become a more secure cyber-citizen both at home and work.
ISG and CyberconIQ are partnering to bring this innovative style-aligned education to you so that we can all play a stronger, mindful role in cybersecurity. Contact ISG for more information on risk profiles and how they can benefit you and your organization.