CybSafe has launched the next iteration of SebDB, the world’s most comprehensive security behaviours database.
SebDB is the result of collaboration between academics, government, and industry experts. It maps over 70 specific security behaviours linked to security risks. This helps security professionals prioritise the targeting of specific security behaviours to reduce risk.
It enables organisations to take a vital next step in protecting their organisation that many miss. While many organisations train their people with Cybersecurity Awareness and Training, it is often not measured in any meaningful way. The links between security behaviours and risks are not always clear. It’s hard to know which interventions to apply. It’s harder still to explain how interventions reduce risk.
Dr. Jason Nurse, CybSafe’s Director of Science and Research, said: “Most security professionals set broad goals like “reduce account compromise”. But they don’t identify the security behaviours linked to the risks. If you aren’t identifying individual security behaviours, it is extremely difficult to measurably reduce human risk in your organisation. This is not a straightforward activity. That’s what SebDB aims to support.”
SebDB is built by the community for the community. It is a research effort and a practical tool that helps security professionals with the complexity and risk they face now and into the future. It helps organisations change behaviour linked to security risks.
In a world where access to technology is no longer optional, people behave differently with technology, providing more opportunities for cyber criminals. By focusing on security behaviour rather than generic and ineffective Security Awareness and Training, organisations will better protect themselves.
Oz Alashe, CEO of CybSafe said: “Cyber security challenges need to be solved collectively. This is the goal of SebDB. Run by the community, it helps identify links between security behaviours and risks that are not always clear. Knowing how behaviours affect risk changes things significantly, for the better, allowing decisions and interventions to be made on evidence, not guesswork.”
In a recent blog written by Forrester analyst Jinan Budge, she states: “SebDB, a crowdsourced database by CybSafe, for example, contains a comprehensive list of over 70 digital behaviours to pay attention to; it goes a step further and also ties them to the risk that they pose.
“Digital behaviours include using a VPN, tethering a laptop, locking devices, changing passwords, and using password managers. While many training programs try to train people on these behaviours, hardly any of them measure whether these behaviours pose a risk to organisations, or, if they do, whether the training actually changes these behaviours. A recent NIST study supports this, with 44% of survey participants rating ‘what to measure and how to measure program effectiveness’ as ‘very’ or ‘moderately’ challenging.”