Security Awareness Insider – Interview

SWITCH and APWG have a long history together: we have been collaborating for many years in the field of cybersecurity. Moreover, we have been working together in the Cybersecurity Awareness domain since back when it was only starting to take shape. Therefore, in preparation for European Cybersecurity Month, we’ve decided to have a chat with Katja Dörlemann from SWITCH about their cutting-edge and highly innovative podcast on Cybersecurity Awareness: Security Awareness Insider.

1- Why did you decide to create a podcast on security awareness? Further, why did you decide to create it in German?

There are more than 2.6 million podcasts available on Spotify. For every possible topic, you can find experts, famous people or entertainers that are talking about it. Among podcasts revolving around politics, sports, psychology, crime or history, there are also some putting the topic of information security into the spotlight.

If you are working in security awareness, though, there is not much in it for you. Most podcasts about security cover the topic by inviting one single phishing simulation provider. But as you know, there is so much more to it!

This is why Marcus Beyer (Security Awareness Officer at Swisscom (https://swisscom.ch)) and I decided to start our own podcast focused only on security awareness. Marcus and I have known each other for more than 10 years now, and we have worked together for almost 5 of those years. We usually have a good time together and we wanted our listeners to have a good time with us. So, we chose to speak in our native language – that’s how we feel most comfortable.

2- Are there many awareness campaigns in German-speaking countries?

Yes, there are! As of now, our podcast show has presented ten exceptional programs, and the list of campaigns is still growing. Organizations such as the Deutsche Post (DPDHL), Commerzbank and the Swiss Army are running very sophisticated and inspiring programs.

But, there may be some episodes in English one day. If you have a suggestion for an interesting guest, let me know!

3- Since the start of your podcast, have you discovered any new or surprising challenges in cybersecurity awareness?

That’s what I love most about the podcast – we get to talk to so many interesting experts! All of them have a different way of looking at Security Awareness. We have had experts on storytelling, human-centred design, and IT communications usability. But I guess the most surprising aspects came up during the episode with the psychologist Dr. Katharina Bernecker (https://www.securityawarenessinsider.ch/e/motivationspsychologie-zu-sicherem-verhalten-motivieren/). We talked about how we can motivate people to do things they don’t enjoy doing. That was very inspiring! Because that’s what we have to do: we also have to motivate people, not (just) teach or train them.

4- What practical recommendations would the SWITCH Foundation offer to potential organizers of awareness campaigns, after having interviewed so many different experts?

Start by assessing the security situation for your stakeholders (users) and try to make secure behavior as easy as possible. Does your organization offer the use of a password manager? Do your colleagues know who to turn to when they have a security issue?

Also, effective Security Awareness requires interdisciplinary expertise. Try to build alliances (with communications, HR, …) within your organization to find, provide, and support the resources needed for heightened awareness.

5- With an eye to actually implementing hands-on awareness training, what aspects do you find to be the most difficult to enact?

This is easy: engaging people. Security is hardly anyone’s top priority, so we have to motivate people to read the provided information, follow the provided guidelines and support us in increasing the level of security. But engaging people is very hard and takes a lot of effort.

6- What are your future plans for the podcast?

Since we receive a lot of positive feedback and the number of our listeners is steadily rising, Marcus and I will continue inviting interesting experts and practitioners to the podcast. There is still so much more to discuss and many more programs to present. I’m looking forward to the topics we’ll discuss up to the end of this year – but I won’t give any spoilers right now. 😉

7- Compared to five years ago, do you think that society is now more aware of the risks of surfing the internet? What more can we do to better educate people about cybersecurity?

In my experience, it’s not just about education. Nowadays, people are more aware that surfing the internet is risky, but that doesn’t imply that we behave in a more secure way. The cybercrime landscape is getting more and more sophisticated, and many users are either overwhelmed or overconfident. So first, we have to help internet users understand what’s at stake, and give them a rough overview of how cybercrime works. The danger of cybercrime is not the black-hooded hacker in their basement somewhere: there’s an entire industry based on stealing information and data.

Second, we have to support user behavior that is more secure. The usability of security processes and technology has to increase significantly. In fact, there is a lot of research being done on that issue – and of course you can already find interviews with experts speaking about enhanced usability or human-centered design on our podcast.