#ISC2Congress: Cyber-Psychology to Make the Difference in Tomorrow's Security Organizations

The biggest threat to network security is company employees, and firms need to adapt management structures to deal with leaderless environments, says a leader in the sphere of what is now known as cyber-psychology.

Dr Ciarán Mc Mahon, Independent Cyberpsychologist, warned delegates at the (ISC)² security conference in Munich that people had become a wild card in organizations, which were operating at a disadvantage given that the fundamental principles of online working were leaving open the prospect of creating vulnerabilities.

That is, said McMahon, a world with no authority for authority, leaving it very difficult to establish robust controls. Worse still, this was a world where people assume that they do not need leaders and everything should be done by consent, and one in which technology was evolving much faster than the corporate psychology required to cope best with this change, meaning that there was tension between traditional and leaderless corporations.

As a solution, McMahon advised firms that they had to appreciate the contradictions these new paradigms were creating, where everyone – from senior management to interns, who were a likely weak link – was part of the infrastructure. They then had to look for people, not necessarily technical experts, within organizations who could act as champions in security development.

These champions, though, had to, in McMahon’s mind, be cognizant of the psychology of persuasion, even if the standard route in security was to appeal to a peripheral route to such influence. Firms had to emphasize ideology, community, culture and belief, and beware of training that lacked effectiveness because it facilitated mindless learning. Indeed, he added, appealing to belief and values could help encourage compliance with Infosecurity policies.

Concluding, he warned of companies resorting to fear to implement security policies. Even though this would impact attention, this impact would not be uniform. He stressed that to be successful, firms had to lead without authority, persuade without uniformity and work without causing undue alarm.
