Why organizations need to create a new role: the Behavioural Intelligence Officer
- Published: Monday, 21 May 2018 08:19
By Adesh Rampat.
With the rise in cyber security threats, the majority of attacks point to one target: the human element. Examine any survey of the cyber security threats faced by organizations, from ransomware to phishing, and these attacks all have a common target: the human who will inadvertently trigger the attack.
Organizations are battling on a daily basis to keep users educated through awareness programs, technology learning systems, etc., and yet successful attacks continue unabated.
The time has now come for organizations to reconsider the approach taken to prevent attacks on systems. What is required is the application of human behavioural science to understand why a user would be enticed to act on an email or social engineering bait and so give an attacker an open doorway to the company’s systems.
This cannot be achieved by having the organization’s user population attend a training session or by introducing some new costly technology; instead, it requires the creation of a new job role: the Behavioural / Behavioral Intelligence Officer (BIO). The BIO will need to bring in behavioural skills to explore why attacks on end users are proving successful even with state-of-the-art security solutions in place. The role of the BIO, therefore, would be to continuously analyse human behaviour through cyber security related user education programs and simulated cyber attacks in an organization, using baiting techniques to determine risk exposure. Another critical function would be gathering information from various threat intelligence feeds to determine how it correlates with human behaviour.
What skills would the Behavioural Intelligence Officer need to bring to the table? First off, behavioural science know-how as the main competency, supported by information security knowledge with accompanying certification.
It should be noted that, although the main focus would be understanding employee behaviour as it pertains to information security, other areas of importance include understanding why human errors occur in the IT environment and developing remediation approaches to help correct them.
The Behavioural Intelligence Officer would report to both the CISO and CIO as intelligence gathered would be of critical importance to both parties.
Adesh Rampat has 28 years of experience in the IT industry including 10 years in operational risk management. He can be reached at firstname.lastname@example.org