Does your security awareness program improve resistance to attacks or just cause training fatigue?
Can you remember the last time you had to take security awareness training? Perhaps you do, or maybe you’ve trained your brain to forget all painful memories, and this kind of training program falls into that category. So, you might ask, why are you frequently asked to take training that you usually forget or, at best, may remember but that hasn’t improved your ability or confidence to resist a real cyber attack?
Management often decides to start by using the cheapest apparent solution
The reason that you, and many employees like you, are forced to take online security awareness training is, perhaps obviously, that the organization is concerned about becoming a victim of a cyber attack. So, management must take some action to reduce the risk. But is this what they are really doing when they ask you to take this training?
What I mean by this is, management sees a risk (from cyber attacks) and looks around to see what others in the industry are doing about it. They can’t be alone, can they? Well, most organizations have these online security awareness courses in place, so they think, “Compliance training must be the smart thing to do. I shouldn’t need to do anything different from that. Right?”
Well, increasingly, this is not proving to be the case.
Traditional security awareness training solutions are not closing the gap
Every week now, we hear stories of organizations in industries such as healthcare, education and government suffering major security breaches that target employee vulnerabilities. The “compliance-based” training programs that most organizations have in place now don’t seem to be keeping up with the threats from phishing, social engineering and ransomware attacks, and they aren’t closing the gap on these kinds of risks. They don’t seem to be making teams more resistant to these attacks in a significant way.
Training fatigue, or suicide?…
When we speak with employees who have been subjected to these programs, we hear phrases like “I’m getting training fatigue”, or “I just roll my eyes when I see the content”, and “Every time I have to take another one of those courses, I want to kill myself”.
Do these sound like familiar sentiments to you?
Do they sound like healthy responses to an important training initiative that the business needs employees to learn from and change their behavior? If this is how employees are feeling about the training they are required to take, how can we expect them to be able to resist cyber attacks that target their lack of awareness?
Cybersecurity games for employees can help reduce the risks from cyber attacks
We have been building the Click Armor™ “Deep Gamified Learning” platform, with immersive cybersecurity learning games, graphic novels, exercises and simulations, specifically to address the problems of training fatigue and lack of engagement that make employees increasingly vulnerable. We are seeing overwhelming support from employees and managers who clearly understand that such an environment not only makes the training process more enjoyable, but that these kinds of specially designed games and exercises actually help them in dealing with cybersecurity threats.
What this means for businesses is that, beyond forcing employees to take online training courses, management can show leadership in progressing the maturity of their security program by looking to proven “game-based learning” techniques that can really change behavior, and in a very cost-effective way.
Of course, management teams that have been involved in a security breach are already looking for corrective actions that can make a real difference, not just a checkmark on a compliance checklist. But your management team may prefer to be seen as proactive risk managers rather than as the alternative.
If you’d like to learn more about Click Armor and our Deep Gamified Learning approach, please contact us.