How to improve the human factor in cybersecurity

We’re always talking about the power of human beings in cybersecurity – because people can make or break security policies. At #BHMEA22 a panel of experts got together to talk about how we can unleash the human factor and empower people to increase security – at the level of the government, the organisation, and the individual. 

Chairing the discussion, Mohammed Ayesh (Director of Cybersecurity and Resilience at PwC) said: 

“Cybersecurity culture is defined by people. Not just the individuals within the cybersecurity team; it’s the entire workforce. To successfully build a culture of security everyone in the organisation must be convinced, to a certain extent, that security is part of their jobs.” 

People as the first line of defence 

Dr. Reem Al Shammari (Global Thought Leader in Cybersecurity and Technology) agreed; “You said a very important word — they need to be convinced to work on the human factor. The issue is with our humans, that we really need to invest in their empowerment.” 

Significant investments in technology and defence lines should be mirrored with investments in security awareness and skills development, both within organisations and on a broader scale, to ensure that a new generation of cybersecurity talent is always emerging. 

So how can we drive the growth in awareness, talent, and (importantly) interest in cybersecurity across diverse populations? 

Mari Galloway (Founder and CEO at Cyberjutsu) added, “One way that you can do that is by joining organisations like Women in Cybersecurity Middle East, Cyberversity, Cyberjutsu…if there isn’t a local chapter here for any of those organisations, start one. Talk to people from other countries and say hey, how do we bring this to this region, how do we work together to build that global cybersecurity culture in general – not just for that one organisation.” 

And then be open to learning and to sharing what you learn. Galloway and Shammari are a great example of this – they collaborate across country borders, bringing their communities together to empower more cybersecurity talent and enable knowledge-sharing. 

Everyone in cyber can support the development of new talent 

Ayesh noted that there’s a young generation with huge potential to increase the skill and talent available in the cybersecurity industry – and asked how academic organisations, governments, and cybersecurity industry leaders can help to ensure that nations have a strong cybersecurity workforce. 

“When we talk about cybersecurity, it is a team sport,” Shammari said. “We need to work collectively. The government can’t do it by itself, academia can’t do it by itself, NGOs and the community can’t do it by itself, and the industry can’t do it by itself.”

“It needs to be all of us together on the same ground with that one mission to raise our awareness, bring up our defence lines, and protect our nations. Because cybersecurity has become a national security matter, when countries are being attacked and economies are being demolished because of that.”

Academia has always been a valuable starting point – and educational institutions, not just universities but also early years schools, need to invest in updating their curriculums and encouraging interest and talent in the cybersecurity space. “We need to have a junior cybersecurity officer in schools,” Shammari suggested, and “let them guide awareness and develop trainings.” 

Because this will feed into a more cyber aware culture. 

To this, Galloway added: “And after they’ve gotten out of school it’s really important that organisations and the government and the community partner with companies, like SANS, for training – to provide bootcamps and continue the education to those students. It’s important to work with the non-profits that are offering additional training to help improve those skills and increase those skills.” 

“And working with those partners is how we continue to build a pipeline and improve that human factor in cybersecurity.” 

In short: “Get involved.” 

Cybersecurity is a critical industry for the modern world, and the responsibility to increase cyber resilience in the future belongs to all of us – so we should all do what we can to facilitate learning, and develop new talent.