Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches


Traditional cybersecurity awareness training leaves companies vulnerable to social engineering attacks.

Reducing the risk of people causing a breach requires a culture change.

Recently, LastPass, a cybersecurity company that sells password management software, suffered a cyber-attack that compromised the security of over 30 million individuals. Before that, it was the messaging giant Twilio, whose breach put over 75 million users’ data at risk. DoorDash, the food delivery service, was also a victim of a recent breach that exposed the personal information of its 4.9 million customers.

The sources of these incidents all have one thing in common: avoidable human action.

In 2022, almost USD 2 billion was spent on cyber awareness training to greatly reduce the number of breaches that rely on a human factor, also known as accidental insiders.

Yet, according to Verizon’s 2022 Data Breach Security Report, 82% of successful cyberattacks continue to involve a human element.

Douglas Glair, Director Cybersecurity at ISG

Now, generic, one-size-fits-all security awareness training programs are under fire, with more companies looking at behavioral-based training to develop a more resilient and security-aware culture.

“Most awareness training options available today were developed about ten years ago with a focus on compliance,” explains Doug Glair, Director of Cybersecurity for global technology research and advisory firm ISG.

“They just don’t get to the root of the problem. We need to be concentrating on shifting the way people behave, and that starts with changing the culture.”

Security Awareness Training is Broken

At the heart of the issue is that the cybersecurity industry has long been focused on technology to solve its challenges, but the tide is turning.

“Until a few years ago, the fear of cybersecurity was addressed by backing up a dump truck full of cash to buy the latest and greatest technology,” continued Glair.

Despite increased spending, the number of breaches and associated costs continues to grow. According to the FBI’s latest Internet Crime Report, cyber-related complaints have increased by more than 180% over the last five years, resulting in $18.7 billion in losses.

“While funding is still needed, what we know now is that technology is only part of the solution, you also need resilient processes and a cybersecurity-aware culture,” he explained.

“CISOs and cyber executives need to be looking to redirect some of their spend to awareness training programs that can provide an ROI.”

Given that 82% of successful cybersecurity attacks involved the human element, it is a 100% statistical probability that every employee will eventually face some form of threat and need to properly identify it and know how to best act upon it.

ISG Principal Consultant Missy Lawrence, who focuses on applying neuroscience to technology challenges, sees psychology as the key to unlocking the potential of cyber awareness training. She believes that people have to be seen as part of the solution and not part of the problem.

“You can’t change cultures until you change behaviors, and you can’t change behaviors unless you understand how people think,” says Lawrence. 

Addressing the Human Factor

Lawrence says it’s natural for technologists to focus on their domain competency and to view human psychology as an afterthought. However, that oversight allows cybercriminals to thrive because they use the dynamics of human behavior to their advantage.

“Cybersecurity professionals don’t know what makes the average person susceptible to cyberthreats,” says Lawrence. “Cybercriminals hope to reach people when they are stressed or emotional because it clouds their judgment.”

This phenomenon, which Lawrence describes as an “amygdala hijack,” explains why phishing has become such a successful attack vector. The amygdala is the section of the human brain responsible for the “flight or fight” response and makes people react to events without thinking.

“Imagine that your brain is like a fist, where your fingers cover your thumb,” explains Lawrence. “The amygdala is the thumb, and you can’t move it. However, if you’re juggling multiple tasks or dealing with strong emotions, it’s the equivalent of lifting a finger or two.”

“When all the fingers are up, the amygdala is free to operate, and that’s when we make poor decisions that can lead to security breaches.”

Best Behavior

Social engineering tactics work because they use personalized content to target specific personality profiles, similar to how Netflix or YouTube tailor suggestions based on viewers’ past behaviors and preferences.

Dr. James Norrie, Founder and CEO at cyberconIQ

“Successful cybercriminals present content that speaks in a voice and using a style that resonates with a victim’s personality,” explains cyberconIQ CEO, Dr. James Norrie. cyberconIQ provides behavior-based cybersecurity training.

“We’re interested in what triggers someone to be vulnerable in the moment.”

Based in York, PA, cyberconIQ was a pioneer in the merging of psychology and technology to measure and manage cybersecurity risk.

By understanding individual behavioral traits, companies can provide personalized training that helps employees understand themselves and allows them to react better in situations that could cause a breach.

“Every style is vulnerable,” says Norrie. “We use a personalized curriculum to help people understand how they can become vulnerable and teach them how to protect themselves and their company.”

This personalized approach has generated significant success, even in sophisticated business environments. Before ISG began implementing behavioral-based cyber-training programs for their clients – often large, multi-national enterprise organizations – they first decided to run themselves through the training.

“We are a very technology-savvy company, and we still saw a 40% reduction in vulnerable behavior after taking the personalized, personality-based training,” says Doug Glair. “So even for us, we were able to see an ROI.”

(Learn how cyberconIQ helps Security Leaders mitigate the human element of cyber risk by leveraging CYBERology™ – the intersection of cybersecurity and psychology. Courtesy of cyberconIQ and YouTube.)

Cyber Aware and Ready

According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

However, new personalized training combining machine learning and behavioral science can teach people to see patterns or architecture commonly part of a threat. Just as important, it changes the way people respond to a threat.

“I call it cyber-intuition,” says Lawrence, “It needs to be second nature, just like our instincts. It requires humans to know themselves and understand their threat styles.”

Glair and Lawrence say that companies will likely continue to see breaches caused by human errors escalate in number and cost until executives view cybersecurity as a business problem, not just an IT problem.

They have concluded that investing in behavioral-based cybersecurity training makes companies more likely to build a security-aware and ready culture, thus creating a tipping point for progress in the battle against security breaches.

RangeForce Takes Platinum in 2022 ‘ASTORS’ Homeland Security Awards

Attendees enjoying the 2022 ‘ASTORS’ Awards Ceremony Include: (left to right), Dr. Kathleen Kiernan, President of NEC National Security Solutions (NSS); John Boyd Assistant Director of the DHS Office of Biometric Identity Management (OBIM); Jim Robell, President of Fortior Solutions and the 2022 ‘ASTORS’ Industry Leadership & Innovation Person of the Year; Legendary Police Commissioner Bill Bratton; Kym Craven, Executive Director for the National Association of Women Law Enforcement Executives (NAWLEE); CBP OFO DEAC Diane Sabatino, the 2022 ‘ASTORS’ Government Leadership & Innovation Person of the Year; OBIM Chief of Staff Penelope Smith; Frank Russo, CBP OFO Director of Field Operations NY & NJ; and Celinez Nunez, Assistant Director & Chief Security Officer for the Bureau of Alcohol, Tobacco, Firearms & Explosives (ATF).

American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now entering its Eighth Year, continues to recognize industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.

RangeForce

Best Cyber Defense Team Training

Hands-on cybersecurity upskilling for your entire team.
RangeForce’s library of interactive cybersecurity skill content lives in an emulated, cloud-based environment. The platform can be accessed anywhere, at any time, enabling safe and scalable learning across your team.
  • RangeForce helps organizations orchestrate training and operationalize best practices for threat identification, response, and mitigation, ensuring individuals and teams can quickly and effectively respond to the next unexpected security incident.

  • The RangeForce platform emulates real-world IT environments and security tools and uses modern malware and threats for realistic yet safe exercises. RangeForce incorporates online gaming techniques and competitive incentives to encourage self-guided learning, skills development, and certification, and hosts highly realistic team-based attack competitions designed to test the cyber readiness of the organization’s team, at both an individual and group level.

  • Exercise scenarios include current, advanced attacks such as Ransomware, Credential Harvesting, Cloud Compromise, and adversary techniques such as phishing, lateral movement, and network reconnaissance.

(Hear from RangeForce CEO, Taavi Must, and former CISO Simon Hodgkinson on location at the Churchill War Rooms as they reflect on the unique challenges of developing world-class cybersecurity defenders in today’s digital landscape. Courtesy of RangeForce and YouTube.)

  • RangeForce offers learners pre-built, role-specific learning paths for Security Operations Analysts (SOC), DevSecOps, Web Application Security, Penetration Testing, Threat Hunter, and more, and partnerships with leading vendors give RangeForce a broad, customizable, virtualized network infrastructure that features popular security tools including QRadar, Recorded Future, Cisco, Splunk, Palo Alto, Exabeam, Sentinel One, Fortinet, YARA, Nmap, Suricata, Powershell, and DevOps platforms like Docker and Kubernetes.

    RangeForce requires only a web browser and has always-on availability, which is a game-changer for staff. Learners can complete a module on business-critical security technology, cross-train in a new area, or brush up on current skills at any time that fits their schedule.

RangeForce is a cloud-based and on-demand cyber skills platform, featuring real IT infrastructure, real security tools, and real cyber threats.
  • RangeForce helps organizations with differing levels of cybersecurity defense maturity start where they are and improve their overall capabilities through guided skills assessment, hands-on exercises, validation of abilities, individual and group metrics, and refinement of the program for improvement.

  • RangeForce offers team-based exercises for various threats across experience levels and cybersecurity functions. RangeForce provides a continuous, closed-loop process that results in individual upskilling, cross-training, and measurable improvements in the entire team’s cyber defense readiness.

  • Elite, Enterprise, and Professional editions of RangeForce align individual and team-oriented content based on the organization’s security defense maturity level. 

  • RangeForce helps organizations upskill individuals, close skills gaps and identify individual aptitude for cross-training in needed roles within the organization. 

(Refine your defensive capabilities against the latest threats with a continuous approach to cybersecurity skills development. See real threats in action and sharpen the skills needed to defend your organization with interactive modules, challenges, and team-based threat exercises that reflect the real world. Courtesy of RangeForce and YouTube.)

  • Unlike other offerings, RangeForce combines both individual and team exercises, bringing a holistic approach to cyber defense readiness, and includes learner-specific plans in addition to group exercises. Learners select from hundreds of interactive skill modules, receive assessments, and participate in challenges.

  • RangeForce was also recognized in the 2021 ‘ASTORS’ Homeland Security Awards Program.

In addition, the continually evolving ‘ASTORS’ Awards Program will highlight the trail of Accomplished Women in Leadership in 2023 and the Significance and Positive Impact of Advancing Diversity and Inclusion in our Next Generation of Government and Industry Leaders. #MentorshipMatters

So be on the lookout for exciting upcoming announcements of Speakers, Presenters, Book Signing Opportunities, and Attendees at the 2023 ‘ASTORS’ Awards Presentation Luncheon in November of 2023 in New York City!

Nominations are currently being accepted for the 2023 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.

The Comprehensive List of Categories Includes:

  • Access Control/Identification
  • Personal/Protective Equipment
  • Law Enforcement Counter Terrorism
  • Perimeter Barrier/Deterrent System
  • Interagency Interdiction Operation
  • Cloud Computing/Storage Solution
  • Facial/IRIS Recognition
  • Body Worn Video Product
  • Cyber Security
  • Video Surveillance/VMS
  • Mobile Technology
  • Anti-Malware
  • Audio Analytics
  • Disaster Preparedness
  • ID Management
  • Thermal/Infrared Camera
  • Mass Notification System
  • Fire & Safety
  • Metal/Weapon Detection
  • Rescue Operations
  • Critical Infrastructure
  • License Plate Recognition
  • Detection Products
  • COVID Innovations
  • Workforce Management
  • Government Security Programs

And Many Others to Choose From!

Don’t see a Direct Hit for your Product, Agency or Organization?

Submit your category recommendation for consideration to Michael Madsen, AST Publisher, at: mmadsen@americansecuritytoday.com.

Homeland Security remains at the forefront of our national conversation as we experience an immigration crisis along our southern border and crime rates that are dramatically higher than before the Pandemic across the United States.

CBP K9 Team Zaskya Steros and TYKE, with Police Commissioner Bill Bratton at the 2022 ‘ASTORS’ Awards Luncheon.

These challenges have become a national priority with an influx of investments in innovative new technologies and systems.

Enter American Security Today, the #1 publication and media platform in the Government Security and Homeland Security fields, with a circulation of over 75,000 readers and many tens of thousands more who visit our AST website at www.americansecuritytoday.com each month.

The pinnacle of the Annual ‘ASTORS’ Awards Program is the Annual ‘ASTORS’ Awards Ceremony Luncheon Banquet, an exclusive, full-course plated meal event, in the heart of New York City.

2022 ‘ASTORS’ Awards Luncheon

The 2022 exclusive sold-out ‘ASTORS’ luncheon featured representatives of law enforcement, public safety, and industry leaders who came together to honor the selfless service of those who stand on the front lines and those who stand beside them – providing the capabilities and technologies to create a safer world for generations to come.

Last year marked the 20th anniversary of the Department of Homeland Security (DHS), which came out in force to discuss comprehensive collaborations between private and public sectors that have led to the development of intelligence and technologies which serve to protect our nation.

Deputy Executive Assistant Commissioner (DEAC) Diane Sabatino, expresses her pride in the women and men of the CBP, and their families who support them.

The keynote address was provided by U.S. Customs and Border Protection (CBP) Office of Field Operations (OFO) Deputy Executive Assistant Commissioner (DEAC) Diane Sabatino, who described the changes to CBP through the tragedy of 9/11 and the relentless commitment to its mission and ongoing investment in the latest technologies and innovations to protect our borders and Homeland.

The resounding theme of the DEAC’s remarks was her pride in the women and men of the CBP and their families who support them.

Deputy Inspector Lashonda Dyce accepts a 2022 ‘ASTORS’ Award on behalf of the NYPD TARU Unit for Excellence in Public Safety, joined at left by Commissioner Bill Bratton, and at right Chief of Department Kenneth Corey.

AST was also joined by Legendary Police Commissioner William Bratton, who spoke about his love for the City of New York, the Profession of law enforcement to which he has dedicated his life, and for which he continues to drive thought leadership and innovation.

New York City Police Department (NYPD) Chief of Department Kenneth Corey came out to address Luncheon attendees and shared some of his experiences and the changes in policing he’s witnessed over his more than three decades of service.

Katherine Schweit, attorney, security consultant, retired FBI special agent, and former head of the FBI’s active shooter program.

FDNY Chief Joseph Jardin honored the men and women of the FDNY, not only those who currently serve but all of those who have selflessly served, with special recognition of those lost on 9/11.

Chief Jardin spoke about the continuing health battle of many following 9/11 with cancer and respiratory disease, yet now knowing the full consequences, would not have made a different decision to respond.

As Chief Jardin noted, mission-driven service is the lifeblood of every firefighter, volunteer, and sworn member, and has been so throughout the history of the Fire Service.

Former head of the FBI’s active shooter program, Katherine Schweit joined AST to sign complimentary copies of her book, ‘STOP THE KILLING: How to End the Mass Shooting Crisis,’ thanks to the generosity of our 2022 ‘ASTORS’ Awards Sponsors.

The 2022 ‘ASTORS’ Awards Program was Proudly Sponsored by NEC National Security Systems (NSS), ATI Systems, Automatic Systems of America, guardDog AI, Fortior Solutions, IPVideo Corporation, Rajant Corporation, RX Global, and SIMS Software!

We were pleased to welcome the esteemed New York City Fire Department (FDNY); the New York City Police Department (NYPD); and the NYC Hospital Police, as well as Executive Management from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and many other DHS agencies, Federal law enforcement agencies, and private/public partnerships such as the National Association of Women Law Enforcement Executives (NAWLEE), the 30×30 Initiative, a coalition of professionals advancing the representation of women in policing; and Operation Lifesaver, Inc. (OLI) (rail safety advocates).

The FDNY was honored in the 2022 ‘ASTORS’ Awards Program for Excellence in Public Safety and Critical Incident Response, accepted by FDNY Chief Joseph Jardin and Deputy Assistant Chief Frank Leeb.

The prestigious Annual ‘ASTORS’ Homeland Security Awards Program highlights the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition and keep our Nation safe – one facility, street, and city at a time.

Katherine Schweit, former head of the FBI’s active shooter program speaks with ‘ASTORS’ Attendees and autographs copies of ‘STOP THE KILLING: How to End the Mass Shooting Crisis.’

In 2022 over 240 distinguished guests representing Federal, State, and Local Governments, and Industry Leading Corporate Firms gathered from across North America, Europe, and the Middle East to be honored among their peers in their respective fields.

Each year, to keep our communities safe and secure, security dealers, installers, integrators, and consultants, along with corporate, government, and law enforcement/first responder practitioners, convene in New York City to network, learn and evaluate the latest technologies and solutions from premier exhibiting brands at ISC East, the Natural Disaster & Emergency Management Expo (NDEM EXPO), and the ASIS NYC Expo.

ISC East is the Northeast’s leading security & public safety event, hosted in collaboration with sponsor Security Industry Association (SIA) and in partnership with ASIS NYC.

U.S. Customs and Border Protection (CBP) was Honored at the 2022 ‘ASTORS’ Homeland Security Awards Ceremony and Banquet Luncheon in New York City, featuring OFO DEAC Diane Sabatino and Director of Field Operations NY Area Frank Russo (at center).

Corporate firms, the majority of which return year to year to build upon their Legacy of Wins, include:

Advanced Detection Technologies, AMAROK, ATI Systems, Axis Communications, Automatic Systems, BriefCam, Canon U.S.A., Cellbusters, CornellCookson, CyberArk, Fortior Solutions, guardDog.ai, Hanwha Techwin of America, High Rise Escape Systems, IPVideo Corporation, Konica Minolta Business Solutions, NEC National Security Systems, NICE Public Safety, OnSolve, PureTech Systems, Quantum Corporation, Rave Mobile Safety, Regroup Mass Notification, Robotic Assistance Devices, Rajant Corporation, SafeLogic, Select Engineering Services LLC, Singlewire Software, SolarWinds Worldwide, Teledyne FLIR, Valor Systems, and West Virginia American Access Control Systems, just to name a few!

Why American Security Today?

The traditional security marketplace has long been covered by a host of publications putting forward the old-school basics to what is Today – a fast-changing security landscape.

American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.

American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.

Harness the Power of the Web – with our 100% Mobile Friendly Publications

AST puts forward the Largest and Most Qualified Circulation in Government with Over 75,000 readers on the Federal, State and Local levels.

AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.

‘PROTECTING OUR NATION, ONE CITY AT A TIME’

AST Reaches both Private & Public Experts, essential to meeting these new challenges.

Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.


These experts are from Government at the federal, state, and local levels as well as from private firms allied to the government.

AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.

AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.

Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.

To learn more, please see the 2022 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2022 ‘A Year in Review.’

The Annual CHAMPIONS edition reviews ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.

The 2022 CHAMPIONS serves as your Go-To Source through the year for The Best of 2022 Products and Services endorsed by American Security Today – and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.

From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware, and Networking Security – to name a few), the 2022 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.

It also features guest editorial pieces from some of the security industry’s most respected leaders and recognized firms in the 2022 ‘ASTORS’ Awards Program.

For more information on All Things American Security Today, as well as the 2023 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at mmadsen@americansecuritytoday.com.

AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:

  • Provides named sources
  • Reported by more than one notable outlet
  • Includes supporting video, direct statements, or photos
