Find the story in cyber awareness

Welcome to the new 85 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage.

Keep up with our weekly newsletters on LinkedIn, Subscribe here.

This week we’re focused on… 📢

Whether cybersecurity professionals need to take lessons from the world’s greatest storytellers. ✍️

Why? 

Because we interviewed Nisreen Al Khatib (Expert in IS Risk Management, Data Privacy, and Cybersecurity Management), and she said: 

“We can’t address cybersecurity education and awareness with the same old methods, or we will get the same disappointing results.”

Good point. But what are the same old methods? 🤔

Well – one of the problems that cybersecurity educators talk about often is that many awareness initiatives take a one-size-fits-all approach. They start with the message, communicate it in a way that makes sense to them, and leave it at that. 

But this isn’t a solid way to provide information, because it doesn’t really get into people’s heads. 

Instead, an effective story needs to take its audience into account. Who are they? What do they care about? What would make them care about cybersecurity? 

Because if you don’t make them care, then your message won’t sink in – and they definitely won’t remember it. 

That’s why Al Khatib added:

“One of the key considerations in communication is to identify the audience we are targeting so we can tailor our message and delivery to that target audience. The same should happen with our efforts in addressing cybersecurity education and awareness.” 

Storytellers do it best 

In her book How to tell your story so the world listens, Bobette Buster (Storytelling Professor) wrote:

“When we tell a story…we can either state cold, hard truths, or we can create an emotional connection. One way to do this is to make the story personal. To ‘hand over the spark’, and tell your audience why you care so much about this.” 

And that’s exactly what we need to do. Here at Black Hat MEA we know that cybersecurity professionals have a spark to hand over; we know you care about what you do, and we know your passion runs deep. 

But so much of the material this industry puts out into the world falls flat because it lacks that spark; it states those cold, hard truths, and does nothing more than that. 

Putting your spark together with what your audience cares about ⚡️

So effective communication needs to do these two things: 

1. Communicate your spark – the reason you care about the message you’re sharing.
2. Make the audience care about it too – by connecting the dots between what you care about and what you know matters to them. 

And to do that, you need to use real examples, communicate emotion, and – whenever possible – position your audience as the main character in the story. 

But how do you know what matters to them? 

Ask them. 

It’s often as simple as that – and yet the ‘asking’ step is one that’s so often missed in cybersecurity awareness communications. 

Identify who you’re talking to, and ask them what they care about protecting. 

Is it their personal data? Their intellectual property? Their family’s privacy? Their professional reputation? 

Why would a breach matter to them? Why should they care if it happens? How could it actually affect them – not in terms of what they should care about, but in terms of what they truly care about? 

Dig into that – and aim your storytelling there. 

It’s more time-consuming than a one-size-fits-all approach ⏳

Designing an awareness initiative that communicates the message in just one, hard facts, this-is-how-it-is way is appealing – because you just have to do it once and roll it out to everyone. 

Then you’re done. 

Except you’re not done – because it doesn’t work. 

Adjusting the story to engage different groups of people takes a lot more time, creativity, and resources. But it’s worth it because it works. 

Stories work. They tap into the parts of our brain that feel emotion, that feel curiosity, that feel – and when someone feels something, they’re more likely to remember the information that made them feel that way. 

In her book Wired for Story, Lisa Cron (Author, Speaker and Story Coach) wrote: 

“Story, as it turns out, was crucial to our evolution – more so than opposable thumbs. Opposable thumbs let us hang on; story told us what to hang on to.” 

So use story to tell people what matters about cybersecurity – and how they can protect themselves, their organisation, and their community. 

Do you think cybersecurity leaders could use storytelling to communicate better? 🗣

1. Yes! vote

2. No – I don’t think story matters in cyber vote

3. Maybe – I need to see a great example before I decide vote

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 27 March 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.