During this year’s DTX London show, at Excel in Docklands, on Thursday, October 2, Nasser Arif, pictured, a Cyber Security Manager in the NHS, is speaking on Human centric security that starts with culture not compliance. He’ll be part of a panel discussion on the Holistic Cyber Strategies Stage from 1:10pm. He says:
“The cyber security industry is rapidly developing new tools and systems to combat the latest advanced threats. However, we are still seeing news stories about incidents which started with something very simple. Be it a scam phone call or dodgy email, relatively simple social engineering attacks often focus on exploiting human psychology and prey on our natural fear of missing out.
“Importantly, these threats don’t stop at the office door. They follow staff home, affecting their personal lives and devices. This is just one of many reasons why building a positive security culture is essential. We must equip staff to protect themselves and their loved ones, no matter where they are and no matter which device they are using.
As for how organisations can build a cyber resilient culture which empowers their people, in his opinion, the first step is to actively listen to staff members and seek the bigger picture. “Here are a couple of questions to ask yourself:
- How do staff members at my organisation use the technology they have been provided with?
- What are they trying to achieve and how?
- How are they currently learning about cyber threats?
- What is their perception of cyber security as a whole?
- What simple changes can they make to keep themselves safe?
“Once we gain more insights into our organisation, only then can we start to improve security culture. Cyber security is a team sport. In 2025, working in silos is not an option. Whether you’re a doctor working in a busy hospital, a barista serving the best coffee in town or a fellow cyber professional. You all have an important part to play in keep yourself and your organisations safe.
“We must recognise that any form of victim blaming will only isolate our staff members and paint cyber security as the ‘big bad wolf.’ Threat actors spend a lot of time designing sophisticated new attack vectors and methods to manipulate human behaviour. No one is immune.
“A positive cyber culture has no room for victim shaming or blaming. Instead, the focus should be on education and behavioural change. This allows people to respond to these incidents with greater confidence and transparency.
As for what organisations can do to support their employees and ensure they understand threat actor techniques, he says: “Organisations need to keep cyber awareness training up to date. Learn about the latest threats and find a medium to translate and pass this information to your staff. Every organisation is different. Find what works for you and your workforce. There is no one size that fits all, so do not be afraid to get creative! Consider both virtual and live training!”
How will threat actors continue to target organisations via their people in the year ahead, will AI play a big role and what can organisations do to prepare? He says: “We know that based on what we have seen before, AI and other advancements in technology could lead to increasingly sophisticated attacks on organisations. However, trying to predict exactly what this looks like is incredibly time consuming and speculative. Instead, lets invest that valuable time on strengthening positive cyber behaviours across our organisations. As we build a strong foundation of cyber resilience, we will be better equipped to deal with whatever comes next.”
About the show
DTX London running on Wednesday and Thursday, October 1 and 2, covers AI, cyber security, data, cloud, and digital. Visit https://www.dtxevents.io/london-visit/why-visit.
