Is Cyber Training Fit For Purpose?

For all the talk of criminal hacking, ransomware infections and the technologies to prevent them, the key to protecting your organisation is cyber security awareness training. 

Information security training empowers individuals to make better decisions, not only in recognising and responding to potential cyber attacks, but also in making sure they aren’t inadvertently putting data at risk in their day-to-day work.

This has now become far more important, as the extent of cyber security threats has significantly increased and cyber attacks have evolved and become more frequent. More importantly, 90% of successful cyber attacks are down to people, not systems.

Almost half of businesses in the UK (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. As in previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).

Most learning and development professionals would say that training has been transformed in the past 10-15 years as the general methods of delivering training have certainly improved: the advent of e-learning, hybrid training and online courses has definitely made the process of training more flexible. 

How much have you invested in sophisticated IT, dedicated firewalls, tests on your systems and new technology? It’s almost certainly considerably more than you have spent on cyber training for your employees. 

Just telling your people to use stronger passwords, look out for suspicious links and check emails from new contacts isn’t enough. That’s because our brains naturally take the easy route every time, rather than stepping back, considering and acting differently.

To truly make your people the first line of defence, you need to change the way they behave. This is even more important now that many firms allow employees to bring their own devices to work, which potentially creates holes in your security and loses some of the psychological signals that make employees more security-aware.

Why Should We Base Training On Psychology?

The more we understand how people ‘work’, the more useful and compelling training can be. Practice makes perfect isn’t just a cliché; it’s how teaching and training work. And yet, in most corporate training, the opportunities to ‘do’ are limited, if available at all – it’s mostly just the exchange of information, and that’s just not enough to make a positive difference to the way people behave.

There are various models of behavioural science, such as the COM-B model developed by University College London’s Centre for Behaviour Change. Models like this show us that the only way to change the way people behave is to get them to a place where new, good behaviours have taken the place of the less desirable, old behaviours.

Cyber Security – Behaviours Matter

The psychological approach to training is particularly important in cyber security because it’s our inherent ‘laziness’ and practised habits of doing things like opening emails and clicking links that give the cyber criminals a way in. In fact, they focus on exploiting those weaknesses precisely because they know it works.

So, we need to find a way to change these behaviours to keep criminals out. For example, we’re all pretty good at keeping our homes safe: making sure windows and doors are shut and locked, checking who’s ringing the doorbell or coming up the path. It’s the same online and we just need to get into the habit of doing it.

It’s Not A ‘Tick Box’ Exercise

Many managers say that they did some short cyber training because they needed to ‘tick the box’. Looking at cyber security training in this way is potentially damaging to your business. Cyber security training is actually one of the key areas where changing behaviours can save your business from financial and reputational ruin. It makes sense for businesses to invest in better cyber security training alongside any cyber security technology and to make sure that training effectively becomes part of your culture. That is the only way that you will truly beat the hackers.

Security awareness training is a strategy used by IT and security professionals to prevent and mitigate user risk. These programs are designed to help users and employees understand the role they play in helping to combat information security breaches.

Effective security awareness training helps employees understand proper cyber hygiene and the security risks associated with their actions, and identify cyber attacks they may encounter via email and the web.

Sources: Gov.UK, University of Oxford, Open Access Government, UCL, IT Governance, Mimecast
