There is a growing discussion today about how companies should address the “human element” in security solutions to face the greater sophistication of cyberattacks, but the best approach is to make people part of the solution, not part of the problem.

That’s according to Shira Rubinoff (pictured), cybersecurity and blockchain adviser, consultant, speaker, thought leader, author and influencer. This vision is part of Rubinoff’s recently released book, “Cyber Minds,” which sees cybersecurity as the umbrella over all other technology and the human element at the forefront.

“You can’t just focus on the people without focusing on the technology and in the process,” Rubinoff said. “They have to work hand in hand all the time; you really need all of it together.”

Rubinoff spoke with Jeff Frick, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed the challenges that companies face in the cybersecurity area, how they should face the problem, and the insights from her book on the subject.

Tailored training for each generation

The process for addressing the human element begins with understanding the demographic aspects of companies. For the first time, enterprises have four generations working side by side, and these people learn differently, Rubinoff pointed out.

“The training should be adjusted to the type of people that we’re teaching,” she said.

Even if employees are properly trained, there are challenges related to the great variety of cyberattacks. It is no longer just the traditional “fishing,” where someone needs to click on a link. Now, for example, the number of attacks associated with social networks has risen, Rubinoff explained.

“It boils down to tricking somebody, getting someone’s trust, because, once somebody becomes a trusted source, people share information freely,” she said. “People are putting too much information out there [on social networks] and opening the door for more than a phishing attack.”

One approach that has been increasingly considered in this scenario is the zero-trust security trend. But Rubinoff believes that it’s not necessary to lock down everything all the time to ensure security, as this can be poorly received by employees.

“What I say to organizations is: Don’t lock down things that don’t need to be locked down,” she said. “And when you lock down something, it’s important to have that 360-dialogue with your employees. If you make them part of the solution — ‘Hey, we’re in this together. Let’s make this part of the culture’ — you’re going to have some cohesiveness.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

Photo: SiliconANGLE