Does building a cyber security human firewall need to involve complex training?
Cyber attacks are becoming more common and the consequences are becoming more serious. When we hear about this new wave of crime it brings a sickly taste of powerlessness in the face of gangs of tech monsters.
An IBM study has identified that 19 out of 20 attacks could be prevented through better human decisions at the time of attack.
So training your staff to be cyber safe is absolutely vital.
But there is a difference in how we can acquire that training. There is learning, which implies that you understand a subject, can evaluate ideas and propositions on a topic, and can apply your understanding. It is an in-depth, hard, schoolwork type of learning. When you have learnt, you have the ability to write an exam on the topic.
The alternative is the knowledge browser, who wanders through fields of information. The knowledge is bite sized and informative. The knowledge gathered is stored away for future use. Some is sticky knowledge and some gets forgotten.
In a person's everyday work the tasks that are undertaken are underpinned by knowledge that they have gained through real learning, be it at university or on the job. They have the ability to apply their knowledge in a way that impacts the outcome in a positive manner.
There is often little time left over to become an expert in another area.
Being a knowledge gatherer becomes the best alternative for improving human understanding of what to do in the face of a cyber trap or attack.
For this reason it is important to present small chunks of information that are interesting and memorable. The process of presenting this information in interesting ways often allows those facts or practices being taught to be accepted by the “riding a bicycle” part of the brain.
Cyber training needs to be similar.
When we deliver knowledge in easy-to-consume ways and are consistent in doing it, then when the time comes, the person under attack is more likely to make the correct decision.
In our program we break down the learning into focus periods, and each focus period has interesting knowledge takeaways.
The program is structured to be ongoing in a non-intrusive way that leaves the heavy learning about cyber security to the IT people and gives everyone else easy, actionable knowledge without being overwhelming.