
Why organizations need to create a new role: the Behavioural Intelligence Officer

By Adesh Rampat.

With the rise in cyber security related threats, the majority of attacks point to one target: the human element. Examine any survey of the cyber security threats faced by organizations, from ransomware to phishing, and these attacks all have a common target: the human who will inadvertently trigger the attack.

Organizations are battling on a daily basis to keep users educated through awareness programs, technology learning systems, etc., and yet successful attacks continue unabated. 

The time has now come for organizations to reconsider the approach taken to prevent attacks on systems. What is required is the application of human behavioural science to understand why a user would be enticed to act on an email or social engineering bait, giving an attacker an open doorway to the company’s systems.

This cannot be achieved by having the organization’s user population attend a training session, or by introducing some costly new technology. Instead, it requires the creation of a new job role: the Behavioural / Behavioral Intelligence Officer (BIO). The BIO will need to bring in behavioural skills to explore why attacks on end users are proving successful even with state-of-the-art security solutions in place. The role of the BIO, therefore, would be to continuously analyse human behaviour through cyber security related user education programs and simulated cyber attacks in the organization, using baiting techniques to determine risk exposure. Another critical function would be gathering information from various threat intelligence feeds to determine its correlation to human behaviour.

What skills would the Behavioural Intelligence Officer need to bring to the table? First off, behavioural science know-how as the main competency, supported by information security knowledge with accompanying certification.

It should be noted that, although the main focus would be understanding employee behaviour as it pertains to information security, other areas of importance include understanding why human errors occur in the IT environment and developing remediation approaches to help correct them.

The Behavioural Intelligence Officer would report to both the CISO and the CIO, as the intelligence gathered would be of critical importance to both parties.

The author

Adesh Rampat has 28 years of experience in the IT industry including 10 years in operational risk management. He can be reached at adeshpcs@gmail.com


