The Importance of Human Centered Security Design
By contributor Lyan Ware
In my previous blog post, "Is Cyberpunk Becoming Reality?", I discuss why a dystopian robotic takeover is still highly unlikely, because humans remain the biggest threat to our security. To keep pace with ever-evolving advancements in technology, we need solutions that cater to the behaviors and needs of users. This means taking a holistic approach: developing a culture around cybersecurity best practices.
Human Centered Security Design (HCSD) considers all aspects of the human-technology interaction. This includes factors such as human psychology, cognitive biases, and social engineering. HCSD also considers the organizational culture and the way that people work. With HCSD, the goal is to design security measures that are effective and efficient, without placing an undue burden on users.
For organizations, this means providing regularly scheduled security awareness training. Employees are a critical piece in a company’s cyber defense strategy. Training employees on how to identify and avoid phishing scams, malware, and other threats will mitigate many risks due to sheer human error. In 2018, a study by the National Institute of Standards and Technology (NIST) found that organizations that implemented HCSD practices were 30% less likely to experience a data breach. Another study by the University of California in 2017 found that employees were 30% more likely to report suspicious activity after receiving security awareness training based around creating a culture of security.
Other implementations of HCSD include designing user-friendly security controls. If security controls are too complex or cumbersome, users will be less likely to use them, which can increase the risk of a cyberattack. Therefore, controls should be designed to be user-friendly in order to improve threat mitigation. This can be achieved by collecting user input. Employees are often the best source of information about potential threats and vulnerabilities. By involving employees in the security process, companies can gather their input and help ensure that security measures are effective, efficient, and easy to execute.
While HCSD is fundamental in augmenting security programs, it is not without its challenges. Some of the primary concerns include striking the right balance between usability and security, accounting for the complexity of human behavior, catering to diverse user needs, adapting to the constantly evolving threat landscape, balancing privacy against security concerns, and navigating organizational and cultural barriers. Despite these challenges, the benefits of Human Centered Security Design are too substantial to overlook. By addressing these concerns through a multidisciplinary approach, security professionals can create systems that are both secure and user-friendly, enhancing overall security for organizations and individuals.
It can be difficult to understand human behavior and psychology, to design security measures that are both user-friendly and secure, and to change organizational cultures.
Despite the challenges, human-centered security design is an important approach to cybersecurity. It can help to reduce the risk of human error and improve the overall security of an organization.