Imagining a Different Future for Security Awareness and Training

“Imagine a future where instead of placing all of the onus on the employees, security actually adapts their technology and their processes to the people they are trying to protect,” Jinan Budge, a principal analyst with Forrester, said during the Forrester Security & Risk Forum 2022 on Nov. 8.

Right now, security awareness and training largely rely on outdated, compliance-based training. Most employees consider security training a boring task that takes away time they need to do their jobs. Budge outlined a different approach that could have the power to change the perception and efficacy of organizations’ security.

Understanding Security Behaviors

Budge advocated for organizations to expand their idea of security behaviors. Phishing link click rates are a common measure of security program success, but this is just one human behavior. “Security behaviors can include things like using a password manager, using multifactor authentication, using VPNs, locking your devices,” Budge explained.

Each security behavior is linked to potential risk. If organizations do not recognize those behaviors, their security programs cannot minimize the associated risk.

Measuring…
