You can have Red Teams probing your network and your staff, but what you really want is to be protected from the attacks to begin with. See the news release below. I think the idea is right on the mark. One of my personal quotes is, "repetition is the mother of remembering," so you can't just have a single annual training event for employees. They just won't remember all the steps that they need to be thinking about to protect your network and information.
For your consideration — no, it is not an endorsement:
Cybercrime represents the greatest threat to businesses and organizations in the world today.
The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating. Global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.By The Numbers:
- 60% of small-and medium-sized businesses close within six months of experiencing a cyberattacks.
- Over 90% of all cyberattacks are executed using information from employees who unwittingly give away their system ID and access credentials to hackers.
- Over 1/3 of employees who have had security awareness training still admit to disregarding security policies.
- In a survey of nearly 900 employees, 83% of those who received gamified training felt more motivated as a result, while 61% of those who received non-gamified training felt bored and unproductive.
It became apparent that the combination of microlearning, customizability, and gamification leading to high ongoing employee involvement answered a need not simply for one client or industry, but for a worldwide digitized economy.
The Training:
- The program is called Drip7. It applies game design to cybersecurity awareness training to increase retention.
- Works off the basic point that one doesn’t internalize something by hearing it once. There must be repetition, in this case seven times.
- The training arrives in the form of a question a day that the employee answers. This increases engagement in learning and retention, and at its core keeps cybersecurity in the employee’s mind—not by force but through play.
“This isn’t a learning management system,” says Stratford, “It’s a way to make learning and training actually do what they need to do. Our goal is to take the fear out of cybersecurity and make it both fun and effective.”
How can gamification and microlearning be leveraged to better secure a workforce against cybersecurity attacks? Heather Stratford can speak to the following:
- With the increase in remote workforce, how much has cybersecurity grown?
- How does Drip7 work?
- In addition to this training, what steps can a company take to avoid cyberattacks?
- What should a company do in the case of a cyberattack?
- How does Drip7 ensure that the employee is performing the new training?
- Are there other areas of a company’s IT efforts that could benefit from gamified microlearning?
- Can Drip7 be used in any industry?
Drip7 is the brainchild of cybersecurity expert Heather Stratford as a result of a client wanting to fix a specific problem: empowering the weakest link—the human—to use better cybersecurity. With its first few clients (a large educational institution, hospital system, and government agency), Drip7 is proving its usefulness in changing the old system of training and information retention in any workforce. Stratford explains it as, “Drip7 is a micro-learning platform that is re-inventing the way organizations train their employees and build lasting cultural change within them, especially in today's age of remote workforces.”