We've all seen the headlines: AI is taking over, deepfakes are fooling the masses, quantum computing will break encryption! But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always been—humans.
And I'm not talking about the shadowy hackers in hoodies. I'm talking about your employees, your executives, even you. Don't mind me as I just lay it out bare in this little writeup.
The 2022 Human-Centric Cybersecurity Report Project brought together postgraduate students from across Canada to work with partners from both private industry and the public sector to produce a report looking at wicked cybersecurity problems through a trans-disciplinary lens. The Cybersecurity Through Human Behaviour report just confirmed what most of us in the field already know: cybersecurity isn't just a tech problem—it's a behavior problem.
And humbly, we're getting it very wrong. Cybersecurity training isn't the full solution. The whole paradigm around security training is building technical knowledge, whereas the whole point of successful social engineering is to bypass the logical, rational brain and bait the subconscious and the emotions. Usually, when an attack occurs, the technical knowledge is already out of the window. So what do we do?
Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security.
The Cybersecurity Through Human Behaviour study analyzed how employees across different industries interact with cybersecurity training. Here's what they found:
Training is inconsistent. Some employees get onboarding training and never hear about security again. Others get bombarded with policies they ignore.
Zero incentives to care. Employees don't see cybersecurity as their responsibility—so they cut corners. Nobody rewards good security behavior.
Disconnect from leadership. Senior management often treats security as an IT problem, leaving employees to figure it out on their own.
Security fatigue is real. When security rules make life harder—extra logins, blocked sites, endless compliance forms—people stop caring.
And perhaps the most alarming finding?
Most employees think they're better at cybersecurity than they actually are. (Cue the Dunning-Kruger effect in full force.)
This is a disaster waiting to happen. Because no firewall, no AI-powered SOC, no quantum-proof encryption will save you if your employees keep clicking phishing emails, because let's face it... it's WAY easier to hack minds than networks.
The cybersecurity industry has spent billions on technical defenses, yet human errors still account for 80-90% of breaches. Why?
Because we keep treating security as a technical issue when it's really a human behavior issue.
What does that tell us?
We need to rethink security from a psychology-first perspective.
At MindShield, we don't just train people to spot phishing emails—we assess the psychological and cognitive reasons for vulnerability and help develop Cognitive Security to build true resilience.
"Cognitive Security" is the protection of mental processes—our ability to perceive, think, and make decisions—from various forms of external manipulation (from social engineering and phishing, to deepfakes and misinformation).
We will be revealing what we are building very soon. We're excited.
Security teams can't keep fighting human vulnerabilities with technical solutions alone. We need both to complete the equation.
This is especially so with the emergence of exponential technologies like the Metaverse and neurotechnologies (such as Neuralink), which are transcending the very nature of cyber and cognitive attacks.
The next evolution of cybersecurity will be about understanding, predicting, and influencing human behavior to create a culture where security is second nature and embedded subconsciously.
If we're still relying on outdated training models and ignoring the psychology behind cybersecurity risks—we're already behind. So let's get up to speed, NOW!
And if you're ready to explore further, let's talk.
The future of cybersecurity is cognitive.
Read the full Cybersecurity Through Human Behaviour report here.
This article originally appeared on LinkedIn.