Why invest in a culture of security: Human Detectors
While computers are arguably better than humans at recognizing and identifying patterns in big data, the human brain has a remarkable ability to recognize when patterns break or something is out of place[1]. This human ability can be leveraged by security teams to build an early warning system that can discover threats and incidents that technology has yet to identify.
It is possible to create a network of human detectors that spans the organization, by encouraging employees from all areas of the business to report out-of-place events. This is a plausible outcome of a positive and strong security culture. Employees with a positive attitude towards their employer are more likely to care about their workplace and the protection of their organization. By tapping into employees’ motivation, organizations can build a network of human detectors and security teams are able to develop an early warning system.
To achieve an effective early warning system that is partially or wholly dependent on human input [2] from across the organization, the organization must be prepared to commit significant long-term investment of resources to building a strong and positive security culture. The effectiveness of your early warning system relies on this network.
Trust and Respect
For a network like this to be a reliable and dependable source of early warnings, it is necessary that there is a foundation of mutual respect and trust between the security team and the rest of the organization. That begins when all members of the security team are genuinely able to consider all other employees as allies to security processes.
The management level and the security team themselves must be open and supportive to dialogue and discussions on security-related topics. In an environment where these conversations are welcomed, encouraged and supported, we see that mutual respect, knowledge and understanding grows and positive attitudes are fostered.
The more successfully an organization is able to foster its security culture, the more it will be able to depend on the reliability of its network of human detectors and its early warning system.
Our Recommendation
Praxis Security Labs recommends that organizations consider their employees as allies to the security processes and work to develop a sense of community across different departments and business sectors. By encouraging employees to report out-of-place events, and making it easy for them to learn more about security through dialogue and discussions, organizations can foster positive attitudes, stronger relationships, and a better understanding. Being part of an engaging community gives us a sense of belonging. It enables us to share personal relatedness and support perpetual growth of each other, ourselves and our environment.
To facilitate successful change management and improve culture, the Praxis Process provides a comprehensive framework. By carefully and conscientiously working step-by-step through the process (seven iterative steps), our customers see cultural improvements in their organizations, increased cooperation and understanding between departments, and better security. The steps are made easier to complete with the assistance and efficiency of Praxis Navigator.
This article is the third in our series on why organizations should invest in a culture of security. The purpose of this series is to share some of the outcomes of forming and managing a culture of security. Previously, we have discussed topics like resilience and adaptability. Next, we will be exploring efficiency.
References
[1] Evans, K. K., Horowitz, T. S., Howe, P., Pedersini, R., Reijnen, E., Pinto, Y., ... & Wolfe, J. M. (2011). Visual attention. Wiley Interdisciplinary Reviews: Cognitive Science, 2(5), 503-514.
[2] Early warning systems can utilize a variety of different data sources. In fact, identifying the relevant data from existing data sources, and deriving meaningful information from it, is one of the main reasons that we created Praxis Navigator.