Charter of Trust Webinar: “The Human Element in Cybersecurity”
On 28 July, the Charter of Trust Principle 6 ‘Education’ hosted the first-ever Charter of Trust webinar “The Human Element in Cybersecurity”. Discussions focused on why people are so central to cybersecurity, how capacity building can be beneficial, and which modern approaches to learning can be applied to effectively leverage the human element in cybersecurity.
A group is only ever as strong as its weakest link. That is why it is important for organisations to educate all their members on cybersecurity, from Intern to C-Suite. A recent social engineering attack, which resulted in a major Twitter hack on 15 July, exemplified just how crucial the human component in cybersecurity can be.
To discuss the Human Element in Cybersecurity, best practices and new approaches, the Charter of Trust Principle 6 Taskforce “Education” hosted a webinar on 28 July.
The session was moderated by Kai Hermsen, Global Coordinator for the Charter of Trust at Siemens AG and Principle 6 Taskforce Lead. He was joined by three of our Charter of Trust cybersecurity education experts:
- Daria Catalui, Group Information Security Education Manager, Allianz
- Bernardo Garcia, Education & Awareness Security Manager, Airbus
- Bernd Barban, Chief Information Security Officer, Atos Germany
The group addressed the issues of behavioural change, soft skills and basic hygiene in cybersecurity in the context of the four fundamental challenges faced by cybersecurity:
1) building a security culture,
2) driving for more diversity in the cybersecurity workforce,
3) expanding cybersecurity competences and activities, and
4) recognising that cybersecurity is a technological, organizational and societal challenge.
Their discussion highlighted the increased importance of educating and training users, given the evolving threats and risks in a working-from-home setting.
New tools such as password managers and two-factor authentication (2FA) present one of the best ways to secure applications against hackers, but panellists noted that use of these tools is still too infrequent.
In addition, organisations need to continuously upgrade the cybersecurity knowledge of their members. But to successfully upgrade the “Human Operating System”, cybersecurity should be more engaging and user-friendly, for example through gamification or microlearning.
Ultimately, organisations that motivate, collaborate, implement and enable are at the core of a successful corporate cybersecurity education strategy.
To hear the full discussion between our experts, make sure to check out the recorded webinar above and stay tuned for more Charter of Trust webinars coming soon!
Kai Hermsen is the Global Coordinator for the Charter of Trust for Siemens. Previously, he headed the Siemens Cybersecurity Strategy and worked as Project Manager in Siemens Management Consulting in Germany and India. He has a background in business administration.
Daria Catalui is a cybersecurity training and awareness professional with working experience in the EU’s cybersecurity agency, ENISA, the European Commission and the Romanian Presidency of the Council of the EU. She is an advocate for the following projects, which she had the chance to kick off, help grow for public awareness and scale up for impact: Cyber Aware and CyberReadyGame, European Cyber Security Month, NIS quiz, NIS educational map, European cyber security challenge and the Annual Privacy Forum. Furthermore, Daria is conducting research with a focus on gamification and initiated the CyberEDU project. She speaks regularly at international conferences.
Bernardo Garcia is an Education & Awareness Security Manager at Airbus, leading and planning security awareness plans to change behaviour and establish a security culture. A certified SANS Security Awareness Professional (SSAP), Bernardo has broad experience working in international environments and promoting culture changes. He joined Airbus in 2001, where he has held various positions and gained strong experience in the aviation and aerospace industry.
Bernd Barban has over 20 years of experience in Information Security at the interface of organization, processes and technologies. In the early 80s, he started his career as an electronics engineer and developed electronic circuits for computer interfaces. In the following years, he broadened his knowledge in various projects from IT security software development to the creation of complex IT security concepts for military helicopters. For almost 10 years afterwards, he was responsible for Client Security Management for several accounts in the telecommunications and chemical industry. In April 2017, he became Chief Information Security Officer for the Atos Global Business Unit Germany. Mr. Barban joined the Charter of Trust Principle 6 Taskforce ‘Education’ in mid-2018.