Cybersecurity professionals: Positive reinforcement works wonders with users

Image: iStock/jauhari1

With each the negativity successful the world, it feels similar a bully clip to punctual everyone that affirmative reinforcement is an effectual instrumentality for improving worker behaviour erstwhile it comes to cybersecurity.

SEE: Security incidental effect policy (TechRepublic Premium)

To support everyone connected the aforesaid page, let's usage the explanation championed successful Courtney E. Ackerman's PositivePsychology.com nonfiction Positive Reinforcement successful Psychology: "A desirable oregon pleasant stimulus aft a behavior. The desirable stimulus reinforces the behavior, making it much apt that the behaviour volition reoccur."

Ackerman cited celebrated psychologist B.F. Skinner's Operant Conditioning Model arsenic a mode to clarify affirmative reinforcement. "Skinner's exemplary of operant conditioning is based connected the presumption that studying a behavior's origin and its consequences is the champion mode to recognize and modulate it," Ackerman said. 

Skinner's operant exemplary uses the pursuing methods of conditioning:

• Positive reinforcement: A desirable stimulus is introduced to promote a circumstantial behavior.
• Positive punishment: An undesirable stimulus is presented to discourage an existing behavior.
• Negative reinforcement: An undesirable stimulus is removed to beforehand an due behavior.
• Negative punishment: A desirable stimulus is removed to discourage an existing behavior.

"Each of these 4 methods of conditioning tin beryllium implemented to teach, bid and negociate behavior," Ackerman said.

Why is science important successful cybersecurity?

According to the FBI, phishing was the astir communal benignant of cybercrime successful 2020, and phishing lone works if the intended unfortunate is coerced into doing what the cybercriminal wants. Hence, users get blamed for their consenting information and person a batch of what Skinner considered punishment.

SEE: DDoS attacks mostly people the US and the computers and net sectors (TechRepublic) 

Sai Venkataraman, CEO of SecurityAdvisor, successful his Help Net Security article, The powerfulness of affirmative reinforcement successful combating cybercriminals, said helium wants absorption to rethink its attack and usage affirmative reinforcement instead. 

"It's important to admit that cognitive bias is portion of the quality brain's constitution and functionality," Venkataraman said successful his introduction. "While these subconscious intelligence shortcuts marque it hard to alteration behaviors, it's not impossible."

Cognitive bias is hands down the culprit. Charlotte Ruhl, successful her Simple Psychology nonfiction What Is Cognitive Bias? defined cognitive bias as:

"A subconscious mistake successful reasoning that leads you to misinterpret accusation from the satellite astir you and affects the rationality and accuracy of decisions and judgments. 

"Biases are unconscious and automatic processes designed to marque decision-making quicker and much efficient. Cognitive biases tin beryllium caused by a fig of antithetic things, specified arsenic heuristics (mental shortcuts), societal pressures and emotions."

SEE: Behind the scenes: A time successful the beingness of a cybersecurity expert (TechRepublic) 

Venkataraman said helium feels powerfully that affirmative reinforcement is the mode to go. "Through repetition and contextual learning, behaviors tin alteration implicit time, with affirmative reinforcement serving arsenic the overarching umbrella to an organization's broader security-awareness strategy," helium said.

To that end, Venkataraman offered the pursuing guidelines to assistance those liable impact meaningful behavioral changes:

Set wide rules: Managers successful complaint of cybersecurity and quality resources request to intelligibly pass institution policies regarding cybersecurity incidents to each concerned. Also important is knowing however to correctly face those liable for an incident. 

"This is simply a important measurement successful ensuring that employees admit that the enactment is not trying to drawback them doing thing wrong, but alternatively supply them with the tools and guidance to place imaginable malicious attacks," Venkataraman said. "Laying down these crushed rules volition summation buy-in from crossed the enactment and guarantee everyone is connected the aforesaid page."

Make it personal: Managers request to pass to each worker that they volition person personalized acquisition regarding cybersecurity. "Everyone engages successful unsocial actions and behaviors, and they're much inclined to perceive erstwhile they respect the accusation arsenic straight relevant," helium said.

SEE: How to guarantee your vendors are cybersecure to support you from proviso concatenation attacks (TechRepublic) 

Don't marque employees consciousness anserine oregon shamed: This is wherever affirmative reinforcement comes into play. The lone mode to enact meaningful alteration is to found the close tone. 

"Frequently with phishing simulations, employees extremity up feeling anserine erstwhile they made a mistake," Venkataraman said. "The learning acquisition should consciousness integrated and authentic, portion besides being presented successful a adjuvant tone—rather than bashing oregon pointing retired mistakes."

Dog lovers know

Dog owners volition particularly recognize the illustration of puppies being encouraged with a dainty aft obeying a command. "The probability of an worker changing a behaviour strengthens erstwhile they are successful," Venkataraman said. "By approaching information consciousness successful a mode that genuinely encourages and informs employees, their information to destruct a antagonistic behaviour increases."

Moving guardant with affirmative reinforcement

This is not rocket science, but we each person been successful hard situations wherever immoderate thought of affirmative reinforcement was nonexistent. "Instead of undoing behaviors (positive and antagonistic punishment), we indispensable reenforce new, affirmative ones," Venkataraman said. "This volition beryllium cardinal successful decently securing organizations from today's highly blase and relentless cybercriminals."

To punctuation retired U.S. Army wide Stanley McChrystal: "Leaders tin fto you neglect and yet not fto you beryllium a failure." 

Also see

• Cybersecurity: Don't blasted employees—make them consciousness similar portion of the solution (TechRepublic)
• The information and privateness down IBM's Digital Health Pass (TechRepublic)
• How to go a cybersecurity pro: A cheat sheet (TechRepublic)
• Security threats connected the horizon: What IT pro's request to cognize (free PDF) (TechRepublic)
• Checklist: Securing integer information (TechRepublic Premium)
• Cybersecurity and cyberwar: More must-read coverage (TechRepublic connected Flipboard)