Security awareness is a term that most information security professionals are familiar with – security culture a little less so.
“Security awareness training is based on a behavioural theory that was debunked decades ago,” says Kai Roer, co-founder of European security startup CLTRe.
“The Rational Economic Theory says that if you know the best action to take when given a choice, you will always make the better – and rational – choice. But unfortunately for the security awareness industry, their customers and the security industry in general, the human mind does not work rationally. More importantly, our mind doesn’t care about making decisions, and solves that ‘problem’ by creating a large number of mental patterns that result in automatic behaviour.”