© EXPRESSWORKS
Cyber security and Human Behaviors
Presenters: Hend Ezzeddine
Catherine Zaruba
Center for Medicare and Medicaid Services’ Security Control Oversight &
Update Training (CSCOUT) conference
Only amateurs attack machines;
professionals target people.
Bruce Schneier
Agenda
Why human error should be a
major concern?
How to integrate behavioral
change to reduce human error?
How to apply behavioral change
to reinforce cyber resilience?
With more connectivity comes more
risks…
Human error is a major concern
*Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2015
A comprehensive
identity-theft kit
containing a health
insurance record can be
worth as much as $1,000
Incidents among
healthcare payers and
providers soared 60%
over 2013... an increase
that was almost double
that reported by all
industries.
Investment in
information security
increased 66% over
2013
Technology is not enough…
Human error is a major concern
88%
Spear phishing
70%
Biggest cyber security threat
in healthcare
40%
Root cause of the healthcare
organizations’ data breach
Cause of security
incidents
In healthcare
Employee negligence
Unintentional employee
action
*Ponemon Institute, Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, May 2015
Most organizations adopt a
fragmented response to cyber threats
Human error is a major concern
Use mobile devices
to exchange data
and provide
services
Healthcare provider
The patient
Access
complete medical
records online
Healthcare payer
Lower cost and
speed payments
Security professional
Protect sensitive
data
Are you satisfied with every performance
aspect of your cyber security effort?
Integrating Behavioral change to reduce human error
Minimizing human errors calls
for a multi-disciplinary
approach to cyber security and
behavioral change is one of
them.
How to reduce human
errors?
Security-related behaviors are usually a
response to visual or informational
triggers
Applying behavioral change to reinforce cyber resilience
Train the
users to avoid
cyber
threats
Design of
Security
Technology
Reinforce
security
compliance
What human
behaviors
need to be
reinforced?
Apply Human Performance
engineering to your design
Applying behavioral change to reinforce cyber resilience
Active warning
Require the user to deliberately
decide whether to access a web site or
download an attachment
Passive warning
Provide the user with a warning
message and the option to learn more
and/or disregard the warning
Use perceptual learning to effectively
train users
Applying behavioral change to reinforce cyber resilience
Spear phishing
training
Pay close attention to the
email address
Is the message personally
addressed to you?
Is there an immediate
action required from you?
Is there a link or an
attachment?
Train specific visual skills that require
split-second decisions.
Use “operational security” techniques
to keep your staff alert
Applying behavioral change to reinforce cyber resilience
Train them to
recognize pretexting
or social engineering
incidents
Test them frequently
to help them
practice in real-time
and gain
consistency
Once they have
succeeded a few
times, they will
spread the word
Maintain compliance by promoting the
right behavior
Applying behavioral change to reinforce cyber resilience
This email is to notify you that it is
time to change your password.
Click here to change your
password.
Complying with our security
compliance will allow you to
maintain your access and keep
your data safe.
Please do your part in maintaining
that.
Did you know…
85% of our customers
comply with our
password change
policy.
Please do your part in
maintaining this high
performance compliance.
Social Proof - the
evidence of the
crowd. People’s
behavior is largely
shaped by the
behaviors of
others around
them.
Prospect
Theory - Framing
an action as a gain
rather than a
loss makes
people more
likely to take it.
Email notification to change your
password
Integrating behavioral change is key to
reinforcing cyber resilience
Today’s key learning
I have diversified work
assignments and
access to the right
training.
I understand our
cybersecurity solution
and how to measure its
effectiveness.
I own cybersecurity for
myself and my
organization
I feel empowered to make
the right decisions and
can access the C-
suite/board as needed
Doing without doing…
Closing Comments
Once people adopt the
right behaviors,
complying with cyber
security will become a
second
nature… Everyone in
your organization will
know what to do with
minimum guidance.
Leonard Bernstein
Haydn Symphony No 88
We are ready for your questions…
Thank you for your attention

Expressworks Perspective on Human Behavior and Cyber Security


Editor's Notes

  1. People’s behaviors are currently a major source of cyber security threats.
  2. Source: 1. PwC, The Global State of Information Security Survey, 2015 2. Dell SecureWorks, Hackers Sell Health Insurance Credentials, Bank Accounts, SSNs and Counterfeit Documents, for over $1,000 Per Dossier, July 15, 2013 3. PwC, The Global State of Information Security Survey, 2015
  3. A closer look at the nature of cyber security incidents shows that relying on technology is not enough. Most incidents are not caused by a technological failure, but by human errors that could have been prevented through a more holistic approach.
  4. Technology-centric and compliance-driven cybersecurity initiatives deepen the gap between the need to protect company assets and the reliance on connectivity to thrive as a business. This gap is what drives the wrong human behavior and increases human errors, putting the entire organization at risk. When the solutions include the people side, cybersecurity becomes everyone’s responsibility.
  5. Software and hardware performance is what most companies focus on. Human performance relates to adopting the right culture, expressed through safe behaviors. Process performance relates to the operating model of your cyber security approach. Leadership performance relates to the commitment and support provided by the C-suite and the board.
  6. Focusing on human behavior when designing cyber security technologies, training users on cyber threats and reinforcing compliance is widely recognized as a key element of success. When users are given the tools to recognize cyber threats, they are able to behave in the right way.
  7. Consider which type of security warning will be most effective in triggering the right behaviors. For example, active warnings require the user to deliberately decide whether to access a web site or download an attachment.
  8. Perceptual learning in humans occurs when a person is repeatedly exposed to specific stimuli (information). Perceptual learning involves long lasting and amazing changes to the human perceptual system that incredibly improve one’s ability to respond to the environment.
  9. When training your users or your business partners, use scenario-based training that puts individuals to the test. By training them frequently, you will use the effect of “being watched” to your advantage: users are more alert and want to pass the test every single time.
  10. When behavioral science is applied to your communication, you will be able to maximize the effectiveness of your message.
  11. Video: Leonard conducting w/o moving a finger because everyone already knows what to do… (from TEDTalk on leadership – he’s there and moving his head, but it’s not very intense). Make sure you link back with the very first slide as we opened up the presentation with one of his quotes. ***If you’re on a Mac*** Watch from 2:22s to 3:32s: https://www.youtube.com/watch?v=oU0Ubs2KYUI