“Updating teams with short, regular messaging updates can be very effective. Move away from those 60-minute training classes every year to a 30-second video every week or two.” A panel of specialists on the human side of cybersecurity discussed how important people are to ensuring the integrity of operations.

Cybersecurity: People are your first line of defense

Nov. 13, 2023
A panel of specialists on the human side of cybersecurity discussed how important people are to ensuring the integrity of operations

Cybersecurity discussions tend to focus on software and hardware technologies to detect and isolate threats. But there’s are growing awareness that people can be the most effective cyber-attack deterrent—if they’re informed about the importance of their actions.

At Rockwell Automation’s Automation Fair 2023, a panel discussion focused on this issue and explained how companies can build a human firewall to protect their operations.

Drew Rose, chief security officer and co-founder of Living Security (a provider of training to address cyberthreats) noted that workers don’t need to know everything about cybersecurity to be effective. “But they do need to know when to ask for help or raise a red flag,” he said.

To teach workers how to do this, Rose said you need to make your communications about cybersecurity fit who the workers are. For example, if you’re speaking to employees who work with automated machines, you should explain what an attack on your business means to the machines they work with.

Internally, Rockwell Automation stresses that cybersecurity is everyone’s business. “Our motto is ‘cybersecurity starts with you,’” said Paula West, IT marketing and engagement manager at Rockwell Automation. “We also show how the things we teach them about cybersecurity can protect them and their families—not just their workplace.”

The language you use is also important, added Alex Panaretos, director of professional services at Proofpoint (a cybersecurity platform provider). “There’s a difference between asking someone to ‘report’ something and asking them to ‘notify’ you,” she said. “When you ask people to report something, interaction tends be low. But if you ask for a notification so that someone else can handle it, we’ve seen engagement increase by 60%.”

Keep training up to date

The cyber threat landscape is constantly changing. While the core tenets of good cyber practices will continue to protect a company’s systems, workers need regular updates to keep abreast of the latest tactics.

West said Rockwell uses real world examples to keep employees up to date. “Talk about what’s actually happened at your company,” she said, including attacks that were avoided or suspicious activities that have been detected. It’s also key to understand the day-to-day realities of different workers’ roles and the threats they may face in their work to help tailor your communications with them.

“We’ve had success with enterprise messaging,” said Rose. “Updating teams with this method via short, regular updates can be effective. Move away from those 60-minute training classes every year to a 30-second video every week or two.”

Rose added that it can help to talk about how the cyber-attacks they hear about in the news could impact your organization. “Your message has got to be more than: Ransomware is bad,” he said.

“Build relationships between employees and your cyber help desk,” advised Panaretos. “For decades, cybersecurity has been about technology and processes without recognizing there’s a person involved in everything. To build those relationships, it’s important for organizations to realize they have neurodiversity and cultural differences in their workforce.

“Try to understand why people are doing something,” she said. A loss of focus can be caused by caregiver stress experienced by the worker or other at-home issues. Having this level of interaction “creates a human connection,” she said. “People need to know they can make a mistake and recover from it. You need open dialogues. A silent organization is a dangerous one.”

About the Author

David Greenfield | Automation World

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...