Security Staff Acquisition & Development

The people problem (and solution): Challenging cybersecurity awareness assumptions

Rear view shot of a person on a computer in an office.

Cybersecurity awareness is at its core about people. And Cybersecurity Awareness Month — October — is about educating and training people to be smarter about security.

But how realistic is that, really?

This year’s Cybersecurity Awareness Month theme — “See Yourself in Cyber” — was selected by the Cybersecurity and Infrastructure Security Agency to reinforce cybersecurity as a people priority: anchored in partnership, education and individual accountability. It's a noble mission.

But as important as those efforts is recognition of what can’t or won’t be learned and when discipline succumbs to human nature. And with that in mind, perhaps most important of all is figuring out how technology and security strategies can compensate for what might not be fair to lay in the laps of the user community.

Jill Aitoro, CyberRisk Alliance

Through October, SC Media will deliver its own package of content to demonstrate how vendors and practitioners can go beyond assumptions about best practices among people to enable a more sophisticated approach to cybersecurity awareness.

What do users have to own themselves? How can technology help them along? Where does psychology fit?

Visit our dedicated webpage throughout the month to access news analysis and features from our editorial team that explain the obstacles and spotlight new approaches to overcome them.

Read contributed commentaries from cybersecurity experts about what works and what doesn’t in awareness training. And watch videos and dig into explainers focused on the people considerations of four key pillars of infosec enablement, as noted by CISA’s 2022 awareness campaign: Modern tactics for multi-factor authentication; policy and automation techniques for password management; standards for software supply chain security; and new approaches to email security.

None of this is to say that people can't own more of the responsibility for their own security posture. Quite the contrary, you’ll read about experts that told us users understand about the why, the more compelled they'll be to comply with security standards. But our coverage does challenge the security community to find new ways to address risk, perhaps removing some of the uncertainly in the process.

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.