Security Awareness and Behavioral Change: What's Realistic?

Adam Wedgbury of Airbus on Effective Ways Humans Can Boost Cybersecurity Posture
Adam Wedgbury, head of enterprise security architecture, Airbus

Raising user awareness is too often incorrectly considered to be a panacea for faulty information security programs, says Adam Wedgbury, head of enterprise security architecture at Airbus.

See Also: Webinar | Old-School Awareness Training Does Not Hack It Anymore

"It can drive risk reduction, but it is not the primary driver of risk reduction," he says. Rather, tools need to protect users from the myriad attacks and tactics being used to target them.

At the same time, however, "we also need to use the users as part of the cybersecurity posture of the company and challenge, quite frankly, the dogma that users are the weakest link," he says. "The human mind is an incredible thing. … Let's use it. Let's find ways to exploit that talent, that power that we have, and use it as part of the cybersecurity defense."

In a video interview at the UKI Cybersecurity Summit in London, Wedgbury discusses:

  • The limits of cybersecurity risk reduction via user awareness and behavioral change;
  • The fallacy that users are the weakest link;
  • The use of research and personae for identifying and communicating "cyber risky behaviors."

Wedgbury is the head of enterprise digital security architecture at Airbus, reporting directly to the global CISO. He is responsible for building and maintaining the core security controls framework, alongside the design of security standards and architecture patterns. Wedgbury started his career in the defense industry and has a breadth of experience across the cybersecurity domain, ranging from enterprise to embedded system security, industrial control systems and industrial research. He is active in the cybersecurity research community and has written a number of peer-reviewed and published papers. Wedgbury's specialist areas include security architectures and testing, vulnerability analysis and mitigation, and network management and security, and he has experience in commercial, defense and critical national infrastructure industries.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.