The introduction to putting behavior change into practice in cybersecurity emphasizes the need for analytical skills to address specific behavioral problems within an organization. These skills are crucial for identifying and understanding the problem and predicting potential reactions to interventions. After this analysis, selecting the right approach is key to effectively influencing security behaviors.
One approach is to adjust the reward and penalties system within the cybersecurity framework, thereby encouraging secure behavior through incentives and deterrents. However, using the wrong approach can exacerbate the problem, making it vital to carefully choose the right strategy.
The recommended paper by Ashenden and Lawrence, titled “Can we sell security like soap? A new approach to behaviour change,” explores the idea of applying a social marketing approach to cybersecurity behavior change. The authors argue that, like marketing campaigns that successfully change consumer behavior, security can be “sold” to users in a way that makes it more appealing and easier to adopt. By understanding the target audience and tailoring the security engagement program to fit their needs and behaviors, organizations can more effectively influence positive security practices.
This paper provides an example of how to adjust security engagement programs to more effectively influence security behaviors, suggesting that a well-thought-out approach, akin to social marketing, can lead to more successful behavior change in cybersecurity.
For further reading and a deeper understanding, the reference is:
- Ashenden, D. and Lawrence, D. (2013). “Can we sell security like soap? A new approach to behaviour change.” Proceedings of the 2013 New Security Paradigms Workshop, pp. 87-94.
We love to share our knowledge on current technologies. Our motto is ‘Do our best so that we can’t blame ourselves for anything“.