
Don't Blame Users for Failures - Support Them to Be Secure

University of Nottingham’s Steve Furnell on Why Users Need More Support
Steve Furnell, professor of cybersecurity, University of Nottingham

Employees need technology that is easy to use and free of errors and that directs them to appropriate cybersecurity guidance when they have questions. Basically, they need technology that helps them to help themselves work more securely, said university professor Steve Furnell.

Why are users implicated in cyber incidents? Furnell said it's because our systems allow passphrases such as "Password" or "1234567" - and some users still think they are appropriate. Also, he said, users get no guidance, such as a computer prompt advising them to use a stronger password.

Cybersecurity professionals appear to assume that people should know what good practice is, yet providing guidance about best practices has been shown to improve security, Furnell said. Also, some technology is simply not user-friendly, and if the user experience is unpleasant and frustrating, employees will avoid it and find workarounds.

In this video interview with Information Security Media Group at Infosecurity Europe 2023, Furnell discussed:

  • Why absence of a baseline level of training or awareness puts users at risk;
  • Why users aren't actively directed to appropriate security advice;
  • Whether we can strike the balance between minimizing friction and implementing appropriate security.

Furnell is a professor of cybersecurity in the School of Computer Science at the University of Nottingham, an adjunct professor with Edith Cowan University in Western Australia and an honorary professor with Nelson Mandela University in South Africa. He is also the chair of Technical Committee 11 within the International Federation for Information Processing and a board member of the Chartered Institute of Information Security, where he chairs the academic partnership committee. Furnell's main research interests are broadly linked to the intersection of human, technological and organizational aspects of cybersecurity. Specific themes of interest include the usability of security technology, security management and culture, cybercrime and abuse, and technologies for user authentication and intrusion detection.

About the Author

Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms and broadband, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.
