Security Awareness and Behavioral Change: What's Realistic?
Adam Wedgbury of Airbus on Effective Ways Humans Can Boost Cybersecurity Posture
Raising user awareness is too often incorrectly considered to be a panacea for faulty information security programs, says Adam Wedgbury, head of enterprise security architecture at Airbus.
"It can drive risk reduction, but it is not the primary driver of risk reduction," he says. Rather, tools need to protect users from the myriad attacks and tactics being used to target them.
At the same time, however, "we also need to use the users as part of the cybersecurity posture of the company and challenge, quite frankly, the dogma that users are the weakest link," he says. "The human mind is an incredible thing. … Let's use it. Let's find ways to exploit that talent, that power that we have, and use it as part of the cybersecurity defense."
In a video interview at the UKI Cybersecurity Summit in London, Wedgbury discusses:
- The limits of cybersecurity risk reduction via user awareness and behavioral change;
- The fallacy that users are the weakest link;
- The use of research and personae for identifying and communicating "cyber risky behaviors."
Wedgbury is the head of enterprise digital security architecture at Airbus, reporting directly to the global CISO. He is responsible for building and maintaining the core security controls framework, alongside the design of security standards and architecture patterns. Wedgbury started his career in the defense industry and has a breadth of experience across the cybersecurity domain, ranging from enterprise to embedded system security, industrial control systems and industrial research. He is active in the cybersecurity research community and has written a number of peer-reviewed and published papers. Wedgbury's specialist areas include security architectures and testing, vulnerability analysis and mitigation, and network management and security, and he has experience in commercial, defense and critical national infrastructure industries.