The New Wave of Cybersecurity Awareness Training

The only constant is change. The ongoing effects of COVID-19 have taught us that change is inevitable to survive. One major area that has been affected during COVID-19 is how we interact with employees, and what we need those employees to know right now. Cybersecurity is one of those critical areas of this new world that is at the core of every business’s struggle to stay alive and current. A new wave of training employees is now available—one that helps improve the knowledge and skills of regular employees that use gamification, microlearning and rewards rather than fear. Cybersecurity education is getting a facelift; becoming more gamified and relevant to all businesses to match the changes in our global needs.

Cybercriminals are not picky about who they target. Today, all businesses are at risk. In the past, the main security question was what assets in the business needed to be protected. Today, cybercriminals are less likely to take data; instead, leveraging their ability to hold information ransom and demand payment in exchange for the release of encryption keys. The new forms of attack don’t care what or who they are attacking, just that the organization being attacked has resources and will pay. Ransom demands in 2020 occurred as often as every 11 seconds, and ransoms averaged nearly $200,000, as reported by Cloudwards. This changes the dynamics of who is typically considered a permeable link, and means instead, everyone in an organization becomes a target.

AWS Builder Community Hub

There are different types of malware that are currently attacking organizations. Ransomware is one type of malware that encrypts data. Current variants are the DearCry ransomware and the Black Kingdom ransomware targeting Microsoft Exchange Servers. Other types of malware that are currently wreaking havoc include the CopperStealer malware, which is stealing data, and the XcodeSpy malware. XcodeSpy is a variant of the Eggshell backdoor virus specific to the macOS, and which records victims’ microphones, camera and keyboard. (Some people still believe the myth that Macs don’t get viruses – that’s not true). There are hundreds of active malware variants attacking systems and organizations every minute of every day. Cybersecurity Ventures anticipates cybercrime will cost the world upwards of $6 trillion annually by 2021.

All breaches have one commonality—educating people can reduce the rate of successful attacks. According to Cyber Security Intelligence, 90% of all breaches are directly related to human error or employee behavior. Employees are on the frontlines; making decisions and operating on the network. Until we have hardware that can truly tell the difference between good and bad interactions, we will need to rely on a human factor to help fight back against the growing number of cyberthreats.

If training employees is key, then why does it seem so difficult? Age group, technology background and familiarity and cultural norms all play a role in what we see as normal and what is out of the ordinary. Most corporate training is seen as a nuisance. It’s not taken seriously, enjoyed or looked forward to. In fact, employees are likely to forget 50% to 80% of learned material in just two days without retention maintenance, according to research from the University of Waterloo. This has to change so that employees can have more say in what they learn, when and how they train and how they can be rewarded. Rewards are a key function of training that are often expected by younger members of the workforce.

One key training and education trend is the shift to microlearning. Gone are the days that an employee has 90 minutes to dedicate to a training session and give it their undivided attention. A typical employee can only focus on one task for a short amount of time before being interrupted—we currently average three and a half minutes. The phone buzzes, the email chimes and the minutes of our day are claimed by who or whatever can grab more of our attention. Training needs to understand this shift and be divided into smaller timeframes to deliver bite-sized chunks of information. This is the essence of microlearning.

Adding gamification to training helps to engage workers and keep their interest. Instead of saying, “We are assigning this training,” the organization can ask employees instead to spend time on playing a game and interacting with each other while learning new skills. A study concluded by Science Direct provides evidence that challenge-based gamification in education leads to an increase of 34.75% in measurable performance. Changes in wording, in how training is delivered and how progress is measured all point to the benefits of gamifying training.

Microlearning and gamification are ideal for any industry where the majority of the workforce is the millennial generation—and also for industries that use computers extensively and that are office-based. These industries include insurance, financial, medical and higher education, but this kind of training could be adapted anywhere.

The shift to a remote workforce has heightened the need for cybersecurity education and skills. Never in our history have we witnessed a greater threat stemming from people accessing documents and potentially sensitive information from outside a traditional workplace. It’s the part of our new world that some expect to revert back to the ‘old normal.’ However, many within the technological community realize that this is a permanent change. History will remember the COVID-19 pandemic as being the turning point that forced businesses to shift dramatically. Training also must shift to adopting more effective standards and accommodating the new workforce by evolving to address the ever-changing threats that are attacking each day. It bears repeating: The only constant is change.

Avatar photo

Heather Stratford

Heather Stratford is the Founder of Drip7 and a thought-leader in the IT Training and Cybersecurity field. Heather keynotes at conferences, universities, and for enterprise clients. She writes on cybersecurity and has been featured and written for such global organizations as the 2018 G7 Summit held in Canada. Heather regularly speaks about Cybersecurity, Women in Technology, Women and Diversity in Cybersecurity, creating a Cybersecurity Culture, Entrepreneurship, Privacy, and the shifting regulations and how to manage cybersecurity risks.

heather-stratford has 1 posts and counting.See all posts by heather-stratford