Moving From Cybersecurity Awareness to a Security Culture
KnowBe4's Javvad Malik on a User-Centric Approach to Designing Security
Establishing a robust security culture extends beyond tech-based solutions, underscoring the importance of clear and consistent messaging, said Javvad Malik, lead security awareness advocate at KnowBe4. Employees should hear a relevant message to embrace good security practices and principles of cyber hygiene, he said.
Often, security professionals overlook the human element in data breaches. Users need to not only use technologies including multifactor authentication but also understand how bad actors use social engineering to steal credentials.
"We start at awareness, and then we go to behavior, and then we go to culture," Malik said. "A good culture is where people are taking good risk decisions. They're conscious of the decisions, and the behaviors that they exhibit are within the tolerance levels of their organization."
In this interview with Information Security Media Group at Black Hat Europe 2023, Malik also discussed:
- How to measure the effectiveness of a security program;
- The importance of taking user behaviors into consideration when designing security programs;
- Overcoming the challenges of building and maintaining a security culture.
Malik has held leadership roles in information security, risk management and IT advisory. He is the co-founder of Security BSides London and advocates for security awareness. His expertise spans technology research, community outreach and strategic advisory services.