Page 169 - Cyber Defense eMagazine August 2024
P. 169
daily decisions are made more automatically. In these instances, the brain manages information overload
by relying on shortcuts. Here are some real-life examples of choice architecture:
At a supermarket checkout, there will always be a shelf. The choice of what to place on it is an example
of "architecting" the choice. Placing confectionery at the checkout promotes unhealthy choices, while
placing water, vegetables, and fruit promotes healthier decisions.
Numerous studies on nudging have been conducted in school cafeterias, focusing on guiding children
towards healthier choices. Researchers discovered that simple strategies, such as making fruits and
vegetables more appealing with creative names or placing them at eye level for convenience, positively
influenced children's choices. Additionally, normalizing the choice by having servers ask, "Would you like
to try this?" also proved effective.
Effective Nudges and Behavioral Models
Effective nudges leverage an understanding of cognitive biases and behavioral science to craft messages
with maximum impact. This involves not just wording but also context and timing. Several models can
help conceptualize how to apply nudges. The MINDSPACE acronym, developed by the UK government’s
Nudge Unit or Behavioral Insights Team, offers a framework. For the most straightforward applications
of nudging, we focus on tweaking and refining messages we already send. If we're already
communicating with our organization about security awareness, we should consider how to make those
messages as effective as possible. Each letter in MINDSPACE represents a key element to consider for
enhancing the impact of a nudge. For instance, M for Messenger emphasizes the influence of the
information source, and P for Priming highlights the impact of subconscious cues.
A simpler alternative to MINDSPACE, developed by the Behavioural Insights Team, is the EAST model.
This model highlights the key characteristics of an effective nudge by suggesting that effective nudges
target behaviors that are easy to perform, attractive, social, and timely.
Designing nudges goes beyond merely fine-tuning messages; it involves creating environments where
desired behaviors are effortless, and messages are delivered at the right time. While nudge theory can
refine communication wording, models like MINDSPACE and EAST underscore the critical role of
timeliness and relevance. Messages in Slack, Teams, or emails are effective only if they address relevant
risks or behaviors in those platforms. If not, they fail the timeliness and relevance test and may just come
across as nagging.
Challenges with Traditional Approaches to Cybersecurity Training
In the cybersecurity field, traditional methods often overlook how people learn and behave. Annual e-
learning or PowerPoint presentations are untimely, lack context, and rarely facilitate ease of
understanding. In fact, recent research revealed that 60% of cybersecurity professionals only receive training
once a year (or even less frequently!) Given that cyber threats are constantly evolving, this sort of "snapshot"
training doesn't go far enough to help keep your people up to date on the latest cybersecurity threats. Tools
Cyber Defense eMagazine – August 2024 Edition 169
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
