Why User Awareness Training Misses the MarkOz Alashe, CEO of CybSafe, Discusses New Approaches to Changing User Behavior
A great deal of awareness training has been offered to users - including phishing simulations - but none of it seems to have led to a significant change in their poor security behaviors and decision-making skills, says Oz Alashe, CEO of CybSafe.
"The idea that knowledge and behavior change is the same thing is just not true. The evidence doesn’t back it up," he says.
In a video interview with Information Security Media Group at RSA Conference 2022, Alashe discusses:
- What's needed to change users' security behaviors;
- Behavioral change models to improve users' security conduct;
- How to prevent data breaches and other security incidents.
Alashe, who was a lieutenant colonel in the U.K. Special Forces, is focused on making society more secure by helping organizations address the human aspect of cybersecurity. He chairs the U.K. Government's Cyber Resilience Expert Advisory Group and sits on the advisory board for the Research Institute in Sociotechnical Cyber Security. He is also an Expert Fellow at The Security, Privacy, Identity and Trust Engagement NetworkPlus and the Royal United Services Institute.