Since releasing my book last year, ‘Risk Starts And Ends With People’ and launching this podcast, ‘Unearth A New Perspective On Risk’, I have heard from so many of you how much our approach, our System4Risk (S4R), and stories have resonated, not to mention those lightbulb moments you have experienced.
So, I find it interesting that as soon as the discussion often leads towards technology and cyber, suddenly it is viewed differently. It is almost like the people within technology and cyber are viewed and treated differently from the rest of the business.
I find this fascinating, especially as I have shared the importance of people in all aspects of the business and highlighted the risks being felt by our cybersecurity teams. Technology may be the tool of trade, but it is still people who are the users of the technology, and there are many risks, including fatigue. Your cybersecurity teams are in a battlefield that never sleeps, 24/7, every day of the year. I have spoken on a couple of panel discussion the topic of fatigue and other challenges and risk within cybersecurity. Which is an ongoing concern, especially with the supply-chain (skilled cybersecurity resources) shortage, meaning that many of these team members are stretched beyond their capacity, opening themselves and the business to a range of risks.
So, in this episode we are going to discuss the topic of cybersecurity and joining me is Dr Patrick Scolyer-Gray, who champions the Human-Centric Cybersecurity (HCCS) offering for 460degrees. As a cyber-sociologist, Patrick investigates how and why people think and do what they do. Drawing from a range of concepts and methods in behavioural and physical sciences, Patrick identifies security implications of human behaviour and develops solutions to the vulnerabilities he finds. Leveraging a broad range of experiences as an academic and engagements with industry and government, particularly the Australian Department of Defence.
Forewarned, this is a topic Patrick and I are both passionate about as we share why ‘cyber starts and ends with people’. Through our discussion we touch on:
- Patrick’s own story, which began in academia, as he was originally a lecturer and then a research fellow and his PhD in Sociology. How his journey ironically, he found his way into cybersecurity. How Patrick turned up as the only social scientist in the physical sciences side of the university, leading to people asking, ‘Are you in the wrong building?’
- What is cyber sociology?
- Importance of recalibrating perspectives away from a technological focus to looking at humans.
- Challenging Patrick’s statement that ‘somewhere between (depending on whose figures you look at) between 90 and 95% of all cyber incidents, bad cyber things that happen are attributable to human failure of some kind.’
- Bringing technology and humans together as a unified whole.
- The limited time that people have to learn and master technology, as it enters the market at such a pace.
- 3 Pillars Patrick focuses on for human-centred cyber security:
- Cyber indifference
- Cyber literacy
- Security culture
- Cybersecurity cannot be a one brush approach.
- Understanding the motivation of your people.
There is plenty to sink your teeth into, and to challenge your thinking. Or perhaps you might like to challenge ours.
We would love to hear your thoughts on the episode, so please feel free to reach out to me directly. And remember, whether it is risk or cyber, it starts and ends with your people.
Connect with Dr Patrick Scolyer-Gray
Connect with 460degrees