Behaviour hacks: How to build a human-driven cyber defence

Wednesday 19 March, 1:50 pm - 2:30 pm
Location
Think Tank 2

Speakers

Reilly Innes

Commercial Engagement Lead
Alpha Echo

Synopsis

In 1989, Clifford Stoll published a first-person account of his pursuit of a hacker through a university's computer network, detailing the methods and tactics used by the attacker and his quest to identify the source. This was possibly the first documented threat hunt, yet the tactics used by adversaries have hardly changed since. Despite significant investment in security, innovation in cyber and extensive research in computer science, most attacks still target one key vulnerability: human error. Even so, most of the research into human error is focused on phishing, and the main course of action seems to be cyber awareness training. Whilst these are important aspects of a human-cyber capability, a broader view is needed to account for the interwoven human behaviours that persist through all digital behaviours. Limiting human error, nudging towards secure behaviours, building usable policy and cultivating strong cyber culture represent low-effort, high-impact avenues to strengthen human-cyber capability.

In this talk, Dr Reilly Innes will discuss his research into human-cyber capability, including assessment and remediation that is grounded in literature, and how his role aims to 'solve the human-cyber problem'. Moving from a career in academia focused on understanding human psychology to the cyber realm meant a fresh perspective when approaching cyber awareness, training and education, culture, policy, behaviour change and decision making. Reilly will also discuss how organisations can leverage scientific research and insights from behavioural science to inform a data-driven, holistic, human-cyber capability uplift program. This talk aims to comment on a path forward for cyber awareness and to spark discussion around cyber culture measurement.

Reilly will recount experiences with Government and commercial organisations, and show how, through understanding behaviours and our people, we can tailor more effective and engaging human-cyber capability uplift programs.
