Human risk factors: cybersecurity’s hidden weak spot


One of the biggest, if not the biggest, risks in cybersecurity is human behaviour.

More than three-quarters of security breaches result from human action or errors.

But the cybersecurity industry focuses more on technical security measures, and securing devices, than on understanding the human factors.

Human risk management sets out to change this. Its supporters say that the only way to have a true picture of risk is by measuring what people do on networks and systems.

And it’s only once we have that picture that we can implement the right controls, and measures such as security awareness and training.

But human risk management goes far beyond anti-phishing campaigns. It’s about viewing human behaviour through the eyes of a hacker, mapping it to threats, and using data to understand whether to act, or accept the risk.

Our guest is Ashley Rose, co-founder and CEO of Living Security.

She argues that we need to understand human risk if we are to protect our organisations against cyber threats.

And we also need to prepare for AI tools that increasingly mimic human behaviour, but are able to work without human oversight. Agentic AI brings a new set of risks, not least because its behaviour, at least on the surface, is closer to a human’s than a machine’s.

CISOs, she says, should be taking the lead on both human and AI security; they should become security “influencers” within the business.


Featured image: Image by Martin Redlin from Pixabay