It's hard to believe that this week marks four months since RSA 2020 in San Francisco. Delivering the first keynote on the opening day of the conference definitely represented a career highlight for me, but a lot has happened in the world since then.
I was delighted to keynote as part of RSA in the year they focused on the human element. My session was Fear and Loathing in Cyber Security: An Analysis of the Psychology of Fear. I drew on extensive research in the sociology and psychology of fear, as well as real-world case studies, to explain why we can’t simply scare people into security, but how we can harness human bias to have a more positive impact on cyber security awareness, behaviour and culture.
I spoke about why fear, uncertainty and doubt (FUD) doesn’t work in cyber security, and so often backfires to make things worse for us. First up, I answered a question I'm commonly asked on this topic: why FUD often works in phishing attacks but not awareness-raising:
I talked about what social proof has to do with security messaging, how we often shoot ourselves in the foot with social proof and how we can use it to frame our communications more effectively:
One of the main messages of my keynote was the damage caused by a culture of fear in cyber security. I explained why we need a just culture which empowers people if we want to positively influence them:
Some other key messages included how we move beyond simply awareness and into action:
I spoke about security culture, and the relationship between awareness, behaviour and culture:
And I covered how to empower people with efficacy messages - so important when you are talking about something scary!
If you've ever seen me speak about cyber security, you'll know that I love using humour where possible. My keynote covered how to use humour effectively when delivering awareness-raising (with a word of caution!).
And, that's not all! As with every keynote I deliver, this was packed with content and takeaways. I loved delivering this keynote at RSA2020 and have been delighted to receive lots of feedback from people who have implemented my recommendations and seen the benefits. Check out the full talk for all of the research, case studies and takeaways!