Cyber insecurity often feels like a horror story, and the idea of cyber security an out-of-reach myth. The last couple of years have seen breaches that are bigger, and of a higher profile, than ever before. When we trace these breaches back to their cause, we often find that attackers took advantage of human behaviour, via social engineering, poor password management, gaps in physical security or malicious insiders. Organisations are increasingly focused on raising cyber security awareness, and the UK government has spent millions of pounds on the Cyber Streetwise campaign. Yet we seem to be making little (if any) progress when it comes to changing behaviours.
This talk argues that, in lots of ways, we are making fundamental mistakes when it comes to our attempts to raise awareness. Combining sociological and psychological research with mythology and classic horror fiction, this talk highlights lessons we can learn in our approach to raising cyber security awareness. Emphasising ways we can positively engage with people to change behaviours for the better, this talk aims to provoke ideas and discussions that will lead to awareness-raising programmes that are focused on what the 'user' needs to know, and how we should be telling them, to achieve the most impact and make cyber security less of a monster.