Security Think Tank: In 2023, we need a new way to cultivate better habits


How are those New Year’s resolutions working out for you? With 2023 now well underway, many of your best intentions for the year may have already been adjusted, deferred or abandoned entirely. You’re only human, after all.

It’s often the same with employee cyber security training. At many organisations, staff are required to complete a training course once or twice a year. The content is typically very corporate, and the narration is relatively generic. These sessions will typically cover a lot of ground in a short period, explaining common cyber security risks, presenting corporate policies and highlighting best practices for keeping data and systems safe.

If the session is well-designed, if it’s delivered engagingly, and if employees give it their full attention — and that’s a lot of ‘ifs’ already — then participants may leave with the best of intentions to put their new-found knowledge to use. But soon, the pressures of working life or good old-fashioned forgetfulness kick in, scuppering their resolve. They quickly slip into the same old bad habits: paying less attention as they work fast and trying to do three things at once, and consequently becoming more susceptible to social engineering attempts.

That’s why I think that, in 2023, we need to go much further than just periodic online cyber security training if we are going to help our workforce get out in front of the bad guys. We need a newer, better approach.

Atomic habits

With this in mind, I recently revisited Atomic Habits by James Clear, a number one New York Times bestseller with 10 million copies sold worldwide. In his book, the author argues that real transformation comes from the compound effect of making regular small changes to behaviour. He calls these ‘atomic habits’.

As a CISO, I see how this approach could work well with corporate cyber security. Of course, periodic training sessions may still have their place, but a culture of cyber awareness can only flourish when employees are encouraged to keep on track and adhere to best practices through regular, timely nudges in the right direction.

So what might this look like? For me, it’s about embedding security reminders, alerts and…
