September 18, 2014 By Rick M Robinson

Security breaches continue to lead in technology news, with the targeted victims ranging from personal consumer storage to major enterprises and government organizations. All too often, the response from the public — and enterprise management — is to blame the human failings of the victims.

While it is true that people, both as employees and consumers, largely don’t follow the advice of security professionals, blaming the victims has failed to produce better security practices. This is why security experts are increasingly focusing on persuasive technology, which makes good security practices the path of least resistance for users.

Complexity Bedevils Security Measures

Security can be complicated — just think of the standard guidance for generating strong passwords. And what’s more, as Jon Oltsik reports at Network World, security is often made needlessly complicated by organizational flaws.

These complications can range from information technology initiatives undertaken without security consultation to security staffs that are so busy putting out fires that they don’t have time to train employees to use existing security measures properly. Some of the shortcomings are technology-centric; for example, network security measures tend to center on specific devices instead of network flows.

All too often, however, “security policies … are too complex and can’t be enforced with the current network security processes and controls,” according to a recent ESG report. Even the most conscientious employees are likely to throw up their hands when faced with confusing, overlapping or downright contradictory security measures.

Safely Navigating Toward a Safe Haven Through Persuasive Technology

Avoiding needless complexity is a vital starting point when it comes to streamlining security. However, it should only be a starting point; the next stage should be actively pursuing persuasive technology that will make good security practices a natural part of the workflow.

As Erik van Ommeren, Martin Borrett and Marinus Kuivenhoven write in Chapter 6 of their new e-book, Staying Ahead in the Cyber Security Game, the user is commonly regarded as a weak spot, but that same user can be “an enormous force for good.”

Once a secure process or workflow is established, it becomes second nature to users. Those same users can become the first line of defense, spotting anomalies in logins or suspicious emails.

Persuasive technology, to be sure, is not just about making secure procedures easier and more natural to follow. It is also about making insecure practices less natural to follow.

For example, a persuasive technology approach to email attachments might have two sides. On one hand, a smoothly working, collaborative solution can make sending secure messages and attachments a simple, natural process. At the same time, restrictions on email attachments (such as attachment size) make insecure email attachments less convenient to use, meaning users will have less of an impulse to use them.

Not every necessary security measure can be made “persuasive.” But thinking of security in terms of what users can do rather than what they cannot do will go a long way toward making good security practices the norm.
