
Why the Human Firewall is SO last decade!

On Thursday 5th March I was delighted to deliver the opening talk for CyNam 20.1: The Human Element in Cyber Technology at the Cheltenham Racecourse. At Cygenta we are obviously massively passionate about positively empowering individuals to embrace cyber security and therefore I couldn’t not put my hat in the ring to deliver a talk!



During this talk I discussed:

  • a shift from promoting a human firewall to a more empowered human sensor network

  • how organisations can measure the development of human sensors

  • how this ties into social proof

  • how to grow a human sensor network across an organisation

A lot to fit into 10 minutes, but I do love a challenge! Below is a brief outline of what I covered.


The concept of the human firewall within security awareness has traditionally been about prevention. We know that this is not the most effective way to engage individuals. Firstly, when it comes to cyber attacks, you can’t prevent every incident; this is a totally unrealistic ask of individuals. It also doesn’t prepare people for what to do when something goes wrong and there is an incident. In their minds, they were told to prevent and they’ve failed: not very empowering if you ask us! Finally, focusing solely on prevention doesn’t give organisations any opportunity to learn about the risks they’re facing. Which departments are most at risk, what attacks are they seeing, who is the most vulnerable?

This is why we’re promoting human sensors. The concept of human sensors suggests that individuals know how to detect and respond to incidents. They understand the indicators of compromise and feel empowered to approach the correct individuals or platforms to report incidents. This ultimately minimises the fear, uncertainty and doubt (FUD) they may have when they think an incident has occurred. Ultimately, the sooner an organisation has detected that an incident has occurred, or nearly occurred, the more likely we are to mitigate the damage and communicate advice to other individuals.


Previously we have been unable to measure whether a human firewall exists within our organisations. We can, however, measure the number of human sensors. This is a really positive metric we can report on and celebrate! Phishing is the perfect tool for testing and reinforcing human sensors. Here, instead of reporting on the number of people who clicked on the link, we’re reporting on the number of people who reported the phish. The key here is to then celebrate them. This is the behaviour you want to see from individuals!


This ties in really nicely to the phenomenon of social proof, whereby people mimic the behaviours around them when they don’t know what to do. By positively recognising good behaviours you’re able to draw on social proof and encourage people to mimic the behaviours that you want to reinforce.


This doesn’t happen overnight, but if you’re looking to grow a human sensor network across an organisation, a security champions programme can certainly help. Security champions (sometimes going by other names like ambassadors) are people who are not part of the security team but represent each department in your organisation. These are people who are already your human sensors and who are really passionate about helping to change the security culture in an organisation. Security champions give you invaluable scalability, engagement and information. They help to ensure that the correct security messages are delivered and that information on what has and has not worked is fed back. For more on our approach to security champions, check out this blog post including a talk that Jess gave on the subject at BSides London 2019.


As you can tell, at Cygenta our approach is all about positive messaging. We help our clients to build a confident and empowered culture when it comes to cyber security. This shift to a positive human sensor network can dramatically improve your response and resilience capabilities.


If you’d like to find out more or have any questions, please get in touch.
