Christopher Freeze
When we think of keeping our online world safe, we usually think of technological solutions like firewalls and antivirus software. But there's a big piece of the puzzle that's often overlooked. That's the human side of cybersecurity.
There are two main groups in the human side of cybersecurity. One is an employee of the organization, including the cybersecurity team, and the other is a hacker who attempts to attack the organization's computer systems.
To be an effective team, cybersecurity professionals need to have good social skills as well as technical skills. And right now there is a gap between what they need and what they have.
You may be wondering why social skills are so important in cybersecurity. That's because cybersecurity isn't just about fighting hackers with fancy tools. It's also important to collaborate with people, from line employees to executives. When cybersecurity teams are unable to communicate effectively with everyone, problems can occur and prevention and defense plans can fail.
Others are also reading…
Researchers at the U.S. Military Academy at West Point say that being good at cybersecurity requires a combination of technical, social, and psychological skills. That's because the online world has three parts: physical (computers and networks), logical (software and data), and social (humans using technology).
Everyone on our cybersecurity team brings their experience and skills to cybersecurity. That's why it's important to understand human behavior.
If cybersecurity professionals lack social skills or the ability to get into the minds of the people they are trying to protect (and the hackers they are trying to thwart), their cybersecurity strategies may not work as designed.
Hackers are often skilled at social skills and understanding people. They use social engineering to trick people into divulging information or making mistakes.
According to the FBI, social engineering is the most common method used by cybercriminals. They are good at it because they have learned how to exploit human emotions and weaknesses.
If cybersecurity professionals want to keep up, they need to be equally familiar with how people think and act, and be able to communicate their work to others.
Imagine a bank or hospital suffering a cyberattack. Cybersecurity teams need to keep everyone, from executives to customers to the media, up-to-date. When teams don't communicate well, people can lose trust and everyone can be seen as untrustworthy or unreliable.
It's time to change your focus a bit. Don't just think about what software you use to thwart hackers, you also need to think about how you train your employees, especially your cybersecurity team.
It starts with the leaders of the organization. Companies need to demonstrate that they are serious about cybersecurity by supporting training programs that focus on developing social skills and understanding human behavior.
When we talk about how well different teams within a company are doing, we often focus on how skilled they are at dealing with people. So why not do the same for your cybersecurity team? If you don't feel comfortable putting them in front of your company's executive team or board of directors to talk about cyber issues, There is a problem.
What I should do is: First, make sure our cybersecurity team is good with people, not just computers. Next, build a cybersecurity team that includes people trained in criminology and psychology. And finally, invest in training programs that focus on the human side of cybersecurity.
By doing these things, we can make our organizations and the information they have about us a safer place for everyone.
Dr. Christopher Freeze is an assistant professor of cybersecurity at the University of Oklahoma Institute of Technology in Tulsa. His professional career was spent serving the American people as an FBI special agent.
