Page 170 - Cyber Defense eMagazine August 2024

like phishing simulations or SIEM-based behavioral analyses that follow up with training also fall short as they often come too late and may be perceived as punitive.



Use Nudge Theory for More Effective Training

The ideal solution lies in timely, context-aware interventions, delivered at the moment the behavior occurs. Nudge-based approaches hold significant potential for enhancing security awareness by leveraging context and timeliness to embed desired behaviors. What does applying this to security awareness training look like?

• Make it Timely - Annual or even quarterly awareness efforts are insufficiently timely. Instead, we should consider drip-feeding content more frequently throughout the year, ensuring it is an ongoing effort. Additionally, making the content topical can leverage the availability heuristic; linking it to current news or making it personal by referring to individuals' personal lives and security can make it more impactful.
• Make it contextual - Providing nudges with pragmatic advice, at the moment of greatest risk, really helps people understand the impact their actions may have and make the safer choice.
• Make your awareness easily accessible and user-friendly - Keep it quick and simple to understand, offering advice that is easy to follow and actionable.
• Motivate People - Assist people with threat assessment by setting it in a personal context, which we found to be highly effective. Since we care deeply about protecting ourselves and our families, we are more likely to pay attention. Incorporating real examples, stories, and curiosity can significantly enhance the saliency and relevance.

People don't always make rational decisions! Nudge theory explains that our brains often take shortcuts, influenced by cognitive biases and context. Our goal is to leverage this tendency to guide people towards actions that are in their best interest. Nudging involves designing the choice environment, recognizing that there will always be a choice architecture. Therefore, we should "architect it" to achieve the most positive outcomes.

By examining examples of effective nudges, the MINDSPACE model, other behavioral frameworks, and in-the-moment nudges, we can explore how to run campaigns to steer behaviors, what effective nudges look like, how to deliver them, and their potential impact.



About the Author

Tim Ward is CEO and Co-Founder of Think Cyber Security Ltd. Tim has worked in IT for over 25 years with organisations including Logica, PA Consulting, Sepura and was previously Global Head of IT for the cyber division of BAE Systems (Detica).

Tim can be reached online at https://www.linkedin.com/in/tim-ward-cyber/ and at our company website https://thinkcyber.co.uk/





