How Aston Martin designs pro-social cyber security solutions
Robin Smith, CISO at Aston Martin, shares why pro-social cyber security training is the way to go
Add bookmarkCreating engaging cyber security training
The need to raise cyber skills is a priority for many organizations in 2023. With daily stories in the media regarding security and data breaches the anxiety at board level is increasing at a time when regulatory requirements continue to increase. Meeting this increasing threat requires a new way to design cyber solutions that engage a positive mindset and stoke interest in this abstract subject.
This article examines how Aston Martin Lagonda has addressed the need for better design that includes new ways of integrating pro-social methods.
Why use pro-social designs for cyber security?
Aston Martin Lagonda (AML) has been pursuing digital transformation with cyber security featuring across several projects and initiatives. This work has seen the luxury automotive transform operations and deliver modernized digital solutions across all parts of the enterprise.
The program included a focus on Security by Design with services needing to consider cyber security at the start of design and development. Feedback from different internal stakeholders confirmed that cyber skills needed to be upgraded to support digital transformation. This presented the cyber and information security (CIS) team with an opportunity to introduce pro-social cyber solutions to raise digital literacy.
The CIS team had wanted to revise security training to make it more consumable. One perspective that aided solution design was the concept of making solutions pro-social. This term has attracted attention in the last decade and relates to behaviors intended to help other people.
“These actions are characterized by a concern for the rights, feelings and welfare of other people…Pro-social behavior includes a wide range of actions such as helping, sharing, comforting, and cooperating. The term itself originated during the 1970s and was introduced by social scientists as an antonym for the term antisocial behavior.” – Kendra Cherry, MSEd, The Basics of Prosocial Behavior
A pro-social approach
Former attempts to deliver cyber skills training were modest successes. There is no dispute as to the value of certain tools, including induction training and online resources. The problem had been however, that cyber security remained an abstract and incomprehensible term to most staff. This was not an issue of the medium for delivery; instead, it was a result of failing to draw on AML’s great strength – design.
The CIS team resolved to draw on the rich tradition for outstanding design at AML and integrate that into an approach for cyber solution design. This would focus on principles including:
- Work to fully understand the experience of the staff for whom you are engaging the security process. Do this through observation, interaction, and immersion.
- Define: Process and synthesize the findings from this initial work in order to form a staff-centered view that will guide design collaboration.
- Ideate: Explore a wide variety of possible solutions through generating a diverse set, allowing security teams to step beyond the obvious and explore a range of ideas.
- Prototype: Transform the ideas into a concrete plan of action, learning and developing more empathy as teams explore potential outcomes.
- Test: Use observations and feedback to refine prototype ideas, learn more about the staffs’ adaptation(s), and refine the original view.
These principles promoted a greater focus on design to delivery on the needs of staff, understanding the context for services and aligning the right digital skills solutions to the right audience. This allowed for segmentation and greater efficiency across skills products such as the online Digital MOT, the class-based Digital Garage and supporting resources.
Early results
AML’s approach is still developing but initial feedback highlights the effectiveness of pro-social design. The use of analogy in the Digital MOT has enabled understanding of how digital skills support the production of luxury automotive vehicles. Staff like the contextualization of security to support safety and protective practices on the production line. Knowledge workers are more aware of the demand for digital literacy, but few have gained direct skills from organizations. This has been resolved by the Digital Garage initiative that offers essential skills to manage and protect online presence whilst providing as reciprocal benefit for the organization. The Digital Garage provides skills such as using VPN and testing the effectiveness of online passwords. This digital literacy can then be brought back into AML activities such as project planning and reporting data incidents.
Going forward
AML demands a lot of its staff and that includes having the skills to meet all current and emerging business demands. Ensuring cyber security across services is key to digital transformation. The pro-social design approach enables the building of digital literacy to be focused on need, engaging and helps optimize staff training time. The initial results are very pleasing with pro-social design now aiding protective technology planning and policy making. It also illustrates a determination to develop cyber solutions that are adaptive, resilient, and able to focus on optimizing security to underpin AML’s continued position as an outstanding luxury automotive organization.