Using Psychology to Increase Organizational Resiliency
Denise Beardon on How Focusing on Instinct and Behavior Helps Employees Stay Secure
Including psychology in cybersecurity educational awareness programs allows employees to recognize and trust their own instincts when dealing with a potential security incident, says Denise Beardon, head of information security engagement at international law firm Pinsent Masons.
Using email phishing as an example, she says, "As we bring in psychology and talk about how the mind is involved with attacks," employees become "more likely to follow secure behavior, and that's where they mitigate that risk."
In a video interview with Information Security Media Group, Beardon discusses:
- How employees might be unfamiliar with the military and technical language used in discussing cybersecurity;
- Examples of how to look at cybersecurity incidents differently by focusing on the psychological aspects of attacks;
- How organizations can foster an open, transparent and supportive security culture.
Beardon is the creator of the Human Cyber Index, an academically supported measurement of an organization’s security culture, including whether its employees are equipped to combat the potential risk and the impact of the organization’s policies and behaviors. She has more than a decade of experience delivering positive change to security cultures in a variety of organizations across the globe.