Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementCybersecurity Education & TrainingSecurity Leadership and ManagementSecurity Education & Training

Think like a cybercriminal: How to strengthen your organization’s security posture

By Bec McKeown
Employee on laptop

Image via Unsplash

January 19, 2023

Historically, a majority (82%) of the cyberattacks organizations face are attributed to human error. Something so technical often boils down to an employee clicking on the wrong link. Cybercriminals know this and often exploit this behavior.

With malicious actors working to take advantage of human nature, security leaders need to work with their teams to know how to quickly respond when a crisis strikes. To accomplish this, security leaders must stop thinking of their employees as their weakest link and instead work with them to turn them into their strongest asset.

This change starts with a shift in mindset. It’s essential to understand how attackers are tapping into the psyche of employees and using that to their advantage, as well as the steps organizations can take to build cyber resilience throughout the company.

How cybercriminals hack the brain

Psychology and behavioral science play integral parts in a strong cybersecurity foundation — and on the flip side, are heavily utilized by threat actors. When you dive into how the brain works, it’s impressive what human beings are capable of. It takes a lot of effort to keep a clear head, even in the calmest of settings.

But when in a state of crisis, a tiny part of the brain, the amygdala, releases adrenaline, which cuts the noise so people hyper focus on the one thing in front of them — this is what causes the “fight or flight” response. In this situation, people believe they’re in control of their actions, decisions and behavior. However, in reality, they’re unaware of many happenings around them. This is the natural state that malicious cybercriminals take advantage of when deploying threats and mining for weaknesses.

How security leaders can use psychology to protect their organizations from attacks

The good news is that there are ways security leaders can strengthen their workforce to overcome this exploitation. Cybercriminals hope to take advantage of what they see as the faulty component within organizations: employees. So, rather than double down on technological defenses, leaders should upskill their people to become an organization’s biggest asset, creating an unbreakable brick wall.

Here are three ways leaders can build true resilience within their organizations:

1. Strengthen team chemistry/morale

As important as it is for employees to be comfortable with cyber-specific scenarios, cybersecurity is a team sport. If strong, trusted group dynamics are not in place, defensive efforts will be much less effective.

Take a broader approach — employees should adopt a collective responsibility mindset throughout the entire organization, so as to not place blame or pressure on just the cybersecurity teams. That said, since security teams often feel the most pressure, leaders should implement team-building activities, such as exercising together regularly, as this helps the team build a better understanding of each other’s work methods and priorities.  Doing this can make a huge impact, as it reduces the friction that can happen during a crisis.

It’s helpful for team members to understand each other in order to tap into each other’s strengths when navigating stressful situations, such as a cyberattack. Team-building efforts may seem trivial when there are “bigger fish to fry,” but security leaders will be thankful if they take the time to strengthen team dynamics during quiet times to ensure a cohesive dynamic during stressful times.

2. Implement regular crisis simulations

Tools and technology alone don’t cut it in building cyber resilience as they don’t account for the strongest and weakest part of the organization — the people. Individual and team capabilities need to be emphasized just as much, if not more.

The current landscape is messy and traditional certifications are not enough to protect against evolving attacks and sophisticated threat actors. Employees should instead participate in regular real-life cyber simulations that are up-to-date with the “threatscape” they are defending against. This goes a much longer way than certifications. By exercising more regularly and strategically, employees will build their cognitive agility and think more clearly in times of stress.

3. Understand how resilient your organization is

“Cyber resilience” is a term that is thrown around quite a bit these days, but most people don’t know what drives real resilience. Real resilience means being able to assess, build and prove cyber capabilities across teams and individuals to ensure the entire workforce is prepared for the next attack. Human performance is measured in many areas of life, from sports to school, yet security leaders haven’t been able to develop a report on organizational security posture and how they can improve it.

Not only do organizations need to upskill and exercise their employees more frequently and strategically, but they also must benchmark against others to understand their current level of organizational resilience and identify gaps to highlight vulnerabilities. This bigger-picture view will ultimately drive the future exercises that organizations conduct to scale up and close skills gaps.

Cybercriminals are becoming more and more advanced and are starting to think like psychologists by exploiting the human brain’s ability to perform under pressure. Cyber leaders must tap into that same mindset and work to strengthen the humans within their organizations. By improving team dynamics, implementing frequent, strategic exercises and keeping a finger on the pulse of their workforce’s cyber skills or gaps, leaders will create a stronger, more cyber-resilient organization.

KEYWORDS: cyber threat cybersecurity management security management tools team collaboration web exclusive

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Bec McKeown is Director of Human Science at Immersive Labs.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • hacker

    Think like a hacker: Offensive cybersecurity approaches

    See More
  • software developer

    How to assess your organization’s application security

    See More
  • hacker-freepik

    Thinking like a hacker: Protect your company from cyberattacks

    See More

Related Products

See More Products
  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing