Cybersecurity Sessions #14

The Behavioral Science of Cybersecurity

Thursday, December 8th, 9:21 AM GMT / 10:21 AM CET

Episode Description

If a stranger walked into your workplace and asked you your name and email address, would you co-operate? What if they asked you to open a door for them, or to use your laptop or phone, all whilst wearing a shirt that said “CHALLENGE ME” on it?

This is the malicious floorwalker, an example of the behavioral interventions staged by the UK Ministry of Defence to educate their workforce about security threats and put their teachings into practice.

In this episode, Cyril speaks with Si Pavitt (Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture Team) and Steve Dewsnip (Behavioural Scientist at Atkins) to find out how gamifying psychological theory delivers surprising results across as diverse an organization as the UK’s Ministry of Defence.

Key points

  • Why you should incentivize positive actions rather than police security best practices
  • How to use social engineering to reinforce the need to challenge suspicious behavior
  • The importance of protecting psychological wellbeing during behavioral exercises

Podcast Host

Cyril Noel-Tagoe

Principal Security Researcher, Netacea

Cyril Noel-Tagoe is an experienced information security professional and Principal Security Researcher at Netacea. He spends his time researching, speaking and writing about malicious bots and other cyber security topics.

Podcast Guest

Si Pavitt

Head of Cyber Awareness, Behaviours and Culture, UK Ministry of Defence

Si Pavitt is the Head of the Ministry of Defence Cyber Awareness, Behaviours and Culture (CyAB&C) team under the 2* Directorate of Cyber Defence and Risk (CyDR). He is primarily responsible for setting the strategic direction for socio-behavioural change as it relates to cyber-secure behaviour across Defence. He also provides consultancy to Defence human vulnerability and social engineering activities.

Stephen Dewsnip

Behavioural Scientist and Organisational Change Consultant, Atkins Global

Stephen Dewsnip is a Behavioural Scientist and Organisational Change Consultant from Atkins Global. Working in the highly collaborative MOD Cyber Awareness Behaviours & Culture (CyAB&C) team, Stephen is responsible for the design and delivery of behavioural interventions to promote cyber-secure behaviours.

Episode Transcript

[00:00:00] Si Pavitt: When we were thinking about this and we thought, "All right, we're gonna go on the floor plate and we're gonna go get caught." I thought, "This is gonna be like shooting fish in a barrel. This is so easy." And then you walk out and go up to someone, you say, "Hi there. Sent down here to collect some information. Could I have your email address?" In the back of my head, I'm thinking, "I am gonna get nailed straight away." And the person I'm speaking to went, "Yeah, sure. Here's my email address." I'm wearing a t-shirt that literally says "Challenge me" 'cause I'm trying to draw attention.

[00:00:30] Cyril Noel-Tagoe: Hello everyone and welcome to Cybersecurity Sessions, our regular podcast exploring all things cyber security. I'm your host, Cyril Noel-Tagoe, principal security researcher at Netacea, the world's first fully agentless bot management product. Today we're going to be investigating how clever uses of behavioral science can strengthen cybersecurity
