Cyber Security Awareness Month coincides with one of our favourite celebrations here at Cygenta, and that, of course, is Halloween. So, it’s only fitting that this month I have given a few awareness sessions for clients based on one of my most popular talks, Cyber Security Myths and Monsters.

What do myths and monsters have to do with cyber security? Well, in this talk I explain how cyber criminals are the vampires of cyber insecurity, exploiting others – draining their resources – as a means of building themselves up with money, information or status. The most recent version of the talk has been a great excuse for me to reference What We Do in the Shadows, those attackers that can seem pretty funny but we mustn’t forget, can cause real harm: AKA, the script-kiddies.

Among many other stories, I explain what Frankenstein can teach us about non-malicious insiders and how physical, digital and human security is the three-headed approach guarding the gates of cyber insecurity, much like Cerberus is the three-headed dog guarding the gates of hell. In this way, I cover the main threats in cyber security with classic movie monsters and myths, bringing the subject to life with stories that people really engage with. Humankind has always used stories as a way of understanding concepts that we want to better understand, and I think this is why Cyber Security Myths and Monsters works so well. Some of the stories I use are very well known (like Dracula), others not so much (people love learning about the myth surrounding the creation of the Giant’s Causeway and how I relate that to cyber war) but regardless of whether they come into the room knowing the stories or not, they leave with a fresh perspective on cyber security, told with a bit of humour, a bit of drama and a lot of great pictures.

Image by Graham Humphreys www.grahamhumphreys.com

Most of the talk is aimed at people who do not work in security, raising awareness of the threats and what we can do to better-protect ourselves. But I end by referencing two myths that give a special message for those of us working in security: Pygmalion and Golem (nope, not Gollum) and, more particularly, the Pygmalion effect and the Golem effect, which are psychological phenomenons, forms of self-fulfilling prophecies, that should inform how we communicate with others. The Pygmalion effect teaches us that if we speak respectfully to others, empower them and communicate high expectations, they will raise their behaviours to meet our expectations. The Golem effect is the corollary: if we speak poorly to others, undermine them and communicate low expectations, people will lower their behaviours to meet our expectations. There are lots of reasons why we should move away from the damaging narrative that people are the weakest link in cyber security and the Golem effect is possibly top of the list.

At Cygenta, one of our core aims is to de-mystify cyber security and make it less of a monster. This month alone, as part of our people-centric services, we will have spoken to over 5,000 people throughout the UK, Europe and the USA, doing what we can to support our clients delivering their Cyber Security Awareness Month projects. We hope CSAM has been as successful for you as it has been for us, and we wish you a happy Halloween!