The 19-Day Gap in Human Defence: Why Security Awareness Lags Behind Emerging Threats | Human Firewall Leaders Community

Human Firewall Leaders Community Icon

Melissa G.
·
·
💭 Markus P. Thomas B. Sabrina H. Lars S. Aljoscha T. would love your perspective here - what’s typically driving this kind of delay in your experience? 👀
Lars S.
·
(edited)·
Melissa G. In my opinion, it is all about linking the security processes. If incident management, risk management and implementing measures are not linked, the reaction becomes slow and then the result will be the mentioned 19days. If the root cause is a human risk, then awareness measures should follow immediately if the risk evaluation is high or very high for the organisation. The key point is how urgent and concrete the risk is. For an high and immediate risk, 19 days is far too long. For a more abstract or long‑term risk, 19 days sounds "fair". For me the reaction time needs to defined and evaluted by the inherent risk (incl. the orginal threat)
Melissa G.
·
·
Really interesting point, Lars S., especially what you mentioned, that the reaction time should depend/ is linked on how concrete and immediate the risk is. It raises a tricky question though: even if we know a risk is high and urgent, many organisations struggle to translate that into immediate action, especially when it comes to human behaviour. 💭 Sabrina H. Jochen S. Monika G. Robert K. curious how you see this, is this mainly a process integration issue, or an execution gap between risk awareness and action?
👍1
Robert K.
·
·
Melissa G. Lars S. It depends on the incident. You could say that the human line of defence is the third line of defence. In some cases, an incident is detected by a person before technical measures are triggered. There are a few things that I consider important in this regard. I would rather have 100 reports and 10 incidents than 10 reports and 1 incident. In addition, it is about creating a consistent and integrated process. Employees need to feel responsible. The only way to achieve this is by giving them that responsibility, instead of assigning it solely to management. Think of roles such as risk owners or process owners. As Lars mentioned, the connection between the different lines of defence is very important, and I agree with that. Unfortunately, this does not always mean incidents will follow the same route, as mentioned earlier. Repetition is key. Especially with the new “policy to lesson” functionality, it becomes easy to offer organisation-specific measures and policies to employees within SoSafe.
👍1
🎯1
Melissa G.
·
·
Robert K. thank you sharing your perspective too!! 💯 Really interesting, especially what you mentioned, that the human line of defence can detect incidents before technical controls do. That shifts the conversation from “employees as the weakest link” to employees as active sensors! And totally agree on the ownership aspect too, giving people clear responsibility seems to make a huge difference. The risk owner/ process owner model is a really strong example of that. 👏 Curious what others might think Luke Q. Markus P. Matthias R. Thomas B. - looking forward to hearing your thoughts on the conversation too!

The 19-Day Gap in Human Defence: Why Security Awareness Lags Behind Emerging Threats | Human Firewall Leaders Community