2/8/2023 - technology-and-innovation

Cybersecurity as a Mechanism for Understanding People Behavior

By jessica avalos

Imagen de portada
Imagen de portada

Understanding human behavior in the face of cyber threats

I have played a professional career for more than nine years in the field of computer science and cybersecurity for multiple international companies and the common denominator that worries almost all is the theme of so-called social engineering. We usually know him as frauds, deceptions or traps that attackers use against the employees or end users.

What are different questions arising through what expresses the analysis of behavior, especially What do we do?, How do we think? and How are decisions taken?, in the approach of containment and perception of the threats that emerge day with day of the computers themselves in the workstations or personal in each home.

What highlights is that among the mistakes that are most common, it is assumed that the topics about awareness have been created in a personal way and not to think as a user, follows with a technical syringe that is only understandable for those who dominate computer and cybersecurity issues, being a distant concern for those people who have prepared to work in different areas of business economic role, by which one should create empowerments with a more flexible and flexible understanding language.

It can be explained that, on several occasions, what we express for your tecnicism can leave more doubts and incognites, for this lack of understanding that can become boring and distracts the person. The primary objective is really lost during the exercise, and the proposed goals are not achieved as the change behavior to improve the responsible use of the equipment and its tools and services that were installed for use, to take action the protection of information and critical infrastructure, form habits in a culture of threat detection and possible vulnerabilities, motivate people to improve your daily practices behind your access.

Often the content comes to the person in a complicated or too broad way for his understanding, so that a practical exercise is carried out in the exchange of knowledge and experiences, such as the example of a seller who has all the intentions of promoting a new product, which is little known or unknown in its entirety, but in his eagerness to sell them describe them as a necessary article and buy with that vision, which then generates an analysis of a personal way if it was needed.

In this sense, people who work in the midst of cybersecurity have to sell all this vital information scheme to reduce risks in the face of any vulnerability, so that it arrives adequately to the end user and understands its importance in their working environment. But for this, it is necessary for Marketing employees to form something that allows to convince the customer, and therefore has to take the role of a marketing worker and start a game on the analysis of human profiles, their thoughts and behaviors for the understanding of their decision making. The result of this exercise is that awareness is to sell, and that it is sold:

  • New Ideas
  • The motivation for changing behaviors
  • Trust
Starting to get out a little of the box to enter this world that can sometimes also be the world of a psychologist.

The first point to consider is that people are customers who must be sold services or products. Some of the things that have been instructed me when studying the business master's degree, especially in the marketing course, is that the most important thing is to meet your client, around your preferences, to offer something that will really buy and will buy, capturing your service.

And about that I always had the taste for this phrase:

“People will forget what you said,People will forget what you did,But people will never forget how it made her feel. ”Maya Angelou.If you remember any ad that made you feel happiness, tranquility, or express another emotion. Certainly you will not remember the details of a whole, of the arguments, but if the permanence of this feeling that left. Precisely because it managed to touch emotions on consumers. That, in the personal history of each person, one can associate and mix with previous beliefs or experiences and memories that have been associated in our subconscious.

In the same way that this type of emotional or instinctive ads are left more than rational, they should be delivered to people so that awareness produces better results.

And how can one achieve?

With a simple procedure of a few steps it is explained that this is based on how a person makes a purchasing decision:

First, note how the leading AMAZON e-commerce corporation, to influence the purchasing decision process of its customers, is based on the representation of the benefits and advantages of buying online.

Case Amazon

Amazon is a company that understood how to take the action of purchases, seduce a customer to take you from a process of showing you a need until you effectively make a purchase.

Having clear this example as one of the marketing tools to sell a product or service, it can be applied to cybersecurity.

First: A classification of the level that exists on the security awareness in which the target people are.

Second: After classification, a content or a learning route can be mounted depending on your application level. For example:

  • Low level: the purpose awakens the person's interest or creates a need, which can be done transmitting fresh, friendly and fun content (containing real-life stories or experiences, references with memes, jokes, among others).
  • Middle level: the goal is that when one has already been able to awaken this interest, one must influence the desire. At this level one can already play themes a little more technical, but with a simple explanation when speaking or mentioning, introducing phishing, vishing, Trojans, viruses, rasomware using a number of examples.
  • Level High: It should lead people to the action of the purchase, that is, at this point it can already be considered that they are ready to sell the product, which in this case are presented the policies, standards, safety procedures and all the desired scheme. But in order not to use these terms or techniques, your name may be changed as, for example, calling them agreements.
Finally, there is a post-sales process to ensure that the product arrives correctly at its final destination, and to observe how it moves from one level to another, which can be analyzed in metric units that allow the evaluation of the program at two-month intervals. In this way, you can also feedback with some information that allows you to know what each participant needs to be able to sell the product we offer. And with these experiences the same feedback as a productive cycle.

With all this information and experience schemes, one can avoid continuing to generate awareness programs that will only have a favorable result in boring skills and that more than generate a positive value for companies, generate strangulations and obstacles in business processes.

Do you want to validate this article?

By validating, you are certifying that the published information is correct, helping us fight against misinformation.

Validated by 0 users
jessica avalos

jessica avalos

Hi, my name is Jessica, and I'm an IT security expert. I have more than 10 years of experience in different areas of Information Security, including extensive experience in the banking sector. Currently, I perform as Business Developer Manager at Hacking Mode. I have conducted consulting and audits for many companies (ISO 27001, PCI DSS, NIST, CIS) including VisaNet Guatemala, Food Products Diana, Agricultural Bank, Mortgage Bank, Solidary Bank, Multibank among others. I also specialized in computer forensic expertise in Mexico and I am certified by the Secretary of Labour and Social Security.
I am actively working with organizations specializing in combating cybercrime internationally such as the FBI, the Pentagon, Interpol and the Central Intelligence Agency (CIA) of the United States.
In addition, I have been collaborating with different companies in Latin America in the area of cryptocurrencies, blockchain, Smart contracts and NFT security. I have knowledge in solidity, phyton, react which I have applied to develop a portfolio of safety tools in the DeFi ecosystem.

TwitterLinkedin

Total Views: 3

Comments