Kristen Pedersen
VP of Cyber Operations & Chief Research Officer
Norwich University Applied Research Institutes
Cybersecurity is about Human Behavior, not IT
Cybersecurity is not just a technical issue it's a matter of how individuals and teams within an organization behave, make decisions, and interact with technology. And training alone doesn't solve the problem! There are many ways in which organizational behavior principles influence cybersecurity. It is imperative that leadership create an authentic organizational culture that supports security. The following will be addressed during the session: • Workplace Culture: Most important! The culture of an organization plays a significant role in cybersecurity. A culture that prioritizes security and promotes ethical behavior is more likely to have employees who follow security policies and report suspicious activity. But, how do you create this culture? • Employee Awareness and Training: Organizational behavior principles emphasize the importance of employee awareness and training. Employees who are aware of cybersecurity risks and understand their role in protecting the organization's digital assets are more likely to follow security protocols and best practices. IF they are motivated to do so. • Human Error: Many cybersecurity breaches occur due to human error, such as clicking on phishing emails, using weak passwords, or mishandling sensitive data. Organizational behavior principles can be applied to understand why these errors occur and develop strategies to reduce them. • Motivation: Motivation and incentives are important drivers of behavior. Organizations can design incentives and recognition systems that encourage employees to follow cybersecurity best practices and report security incidents promptly. • Decision-Making Processes: Decision-making processes within an organization can impact cybersecurity. Understanding how decisions are made, the role of cognitive biases, and the influence of group dynamics can help in making security-related decisions more effectively. • Communication: Effective communication is essential for cybersecurity. Organizational behavior principles can help in improving communication between IT departments, security teams, and other employees. Clear and open communication channels can facilitate the reporting of security incidents and the sharing of security updates. • Leadership and Role Modeling: Leaders play a critical role in shaping behavior within an organization. When leaders prioritize and model good cybersecurity behavior, it sets an example for others to follow. Leadership development must incorporate cybersecurity awareness and practices. • Ethical Behavior: Ethical behavior is a fundamental aspect of cybersecurity. Organizational behavior principles can be used to foster a culture of ethics and integrity, which is crucial for maintaining trust and security in an organization. Organizational behavior principles influence cybersecurity by addressing human factors, culture, communication, and decision-making within an organization. By applying these principles, leaders can create a more secure environment and reduce the risk of cyber threats. This session will provide the top 5 things leaders can implement immediately to improve organizational security.
Kristen Pedersen, PhD, is the Vice President and Chief Research Officer of Norwich University's Applied Research Institutes (NUARI). As Vice President, she is responsible for managing NUARI's portfolio of Cybersecurity and Information Operations contracts and projects for DHS, DOD, NSA, and national and international critical infrastructure organizations. A major focus is NUARI's Distributed Environment for Critical Infrastructure Decision-making Exercises (DECIDE®), and the development and delivery of cybersecurity and physical-threat focused exercises to test incident response protocol and improve the resiliency of critical infrastructure organizations. She has expertise in strategic communication, information operations/environment, media/disinformation analysis, crisis and incident preparedness, and organizational behavior. Kristen is also an adjunct professor in Norwich University's Security Studies and Defense Analysis Bachelor's Degree program and teaches Leadership, Organizational Behavior, and Organizational Design & Change. She is a former US Coast Guard Operations Specialist.