A new cyber security research report reveals some of the challenges facing businesses. In this blog, we look at some of the report’s key findings around cyber security in the workplace, as well as cyber security training courses.
For all of the advancements made in improving business cyber security, increasing knowledge among staff is still a major challenge for organisations worldwide.
A new report by cyber security experts Crowd Research Partners has a number of telling implications for cyber security training courses. Compliance with policies is, understandably, a top priority for professionals needing to protect cloud-based and on-premise data.
Cyber security training courses are a great opportunity to help employees assess risk, carry out mitigating procedures, meet compliance requirements and more. Ultimately, they should help to inspire a continued focus on IT security as a team effort.
Creating fresh, different cyber security training courses
According to the report, two-thirds of security professionals believe training and certification is valuable to their employees. Cyber security training courses are effective because they educate employees about the steps they need to take to reduce risk and help protect their organisation from internal and external cyber threats.
Two-thirds of IT professionals, according to the report, think their cloud investments are meeting or surpassing their expectations, with only about one in ten saying the cloud is failing to do so.
Although the majority believe that cloud-based security solutions are as or more secure than on-premise solutions, the number-one barrier named by the report to cloud-based migrations is staff expertise and training.
Protecting data from cyber attacks
Anthony James, of data protection and cloud security company CipherCloud, says that the report underlines some of the steps needed to ensure optimum security in the cloud. “Data is every company’s biggest asset, and of course the primary target of cyber-attackers,” he observes.
“As businesses embrace cloud services, it becomes extremely important to secure access to these cloud services. The core issue, like any security approach, is that when tools and procedures break down, the data becomes vulnerable.
“For this reason, it is of paramount importance that this data is secured and protected independent of the additional security controls offered by cloud providers.”
Helping staff play a vital cyber security role
In James’s analysis of the report, he points to encryption as a key basic tool for cloud security. A more effective use of encryption would solve many of the problems that respondents highlighted in the report.
Security teams know that training, certification and awareness are some of the key elements in defending against security breaches. But it’s a topic that has traditionally been perceived as rather dry and unengaging, lacking buy-in from employees who aren’t directly involved in an organisation’s IT infrastructure.
A different approach, therefore, is needed to make employees actively engage with cyber security training courses. When this is successful, employees become confident in their ability to take the necessary steps to protect their organisation from cyber security threats.
Zero Threat: a new innovation in cyber security training courses
One aspect of cyber security training courses that is rarely discussed is the power of learning games to build knowledge. That’s where Zero Threat, Eukleia’s award-winning cyber security awareness training game, can really help.
Zero Threat is designed to give employees at all levels a comprehensive overview of the way their decisions impact on their organisation’s security policy.
Rather than going into laborious detail about the multitude of threats that can compromise a company’s cyber security, it presents the issues through a compelling learning game.
The game gives learners control of a network which is under constant attack, simulating dozens of risks that they might not normally be aware of. These include:
- Phishing emails
- Social engineering attempts
- Malicious websites
- Infected USB sticks
- Accidental breaches, such as leaving a laptop on a train
- Deliberate insider threats
- An engaging approach to raising cyber security awareness
Organisations and employees might not be fully aware of the importance of encryption, which is one of the approaches gamers can use to succeed in Zero Threat. They might also not know that setting strong passwords or properly scrutinising emails is vital to the bigger picture of cyber security across their company.
In Zero Threat, learners utilise these measures by playing them as ‘action cards’ to deal with threats across 20 turns. If they survive the 20 ‘days’ (or rounds) of attacks, they win the game.
Conversely, even if they do nothing during the game, they can watch the consequences of inaction and poor cyber security decisions unfold.
However they fare, they will accumulate knowledge in a far more original and imaginative way than they might have been accustomed to in cyber security training courses. Plus, Zero Threat is designed to encourage replayability so the cyber security training isn’t just a one-off learning opportunity.
To discover how Zero Threat can help you to transform your cyber security training courses, and request a free trial of this award-winning game, click here.