Cybersecurity training that engages learners & evolves with the latest threats
Here we look at how to create cybersecurity training that’s engaging and relevant to your learners, so that they actually want to do it. We also look at ways to ensure that your courses evolve with the ever-changing landscape of cybersecurity threats.
What is cybersecurity?
Cybersecurity involves mobilising resources - human, procedural, policy-driven, and technological - to safeguard organisations, vital systems, and confidential data from digital breaches.
With the pervasive integration of digital information and technology into routine operations, organisations are increasingly susceptible to cyber threats. Furthermore, these digital attacks, aimed at both data and essential infrastructure, are evolving in complexity.
The repercussions of cyber-risk incidents can span operational, financial, strategic, and reputational domains, often leading to hefty business consequences, embarrassing PR incidents, and sometimes huge fines from regulators. Given the heightened sophistication of these threats, traditional security measures often fall short. There's a pressing need for most organisations to amplify their cybersecurity efforts.
Who should take charge?
While the significance of cybersecurity has been a topic of discussion for business leaders for years, too often the onus of responsibility often still rests with the IT department.
The 2022 Gartner Board of Directors Survey showed that 88% of board members classed cybersecurity as a business risk while just 12% called it a technology risk. However, a previous survey showed that the CIO or equivalent IT leader was held accountable for cybersecurity at 85% of organisations.
With human error so often at the heart of cybersecurity breaches, it should be a responsibility at least shared between L&D and IT teams to ensure that employees, contractors and external partners receive timely and relevant cybersecurity awareness training. While IT professionals best understand the threats and underlying technology, it’s Learning and Development teams that understand how to upskill and develop people.
Cyber threat landscape
As cyber threats continue to evolve, the need for employees to be equipped with the latest knowledge becomes increasingly urgent. In 2023, we continue to see an increase in:
- Ransomware attacks: These involve encrypting user data and demanding a ransom to decrypt it.
- Phishing and spear-phishing: Targeting users to steal information or deploy malware.
- IoT vulnerabilities: As more devices connect online, they become potential targets.
- Supply chain attacks: Targeting less-secure elements in the production chain.
- State-sponsored attacks: Advanced persistent threats (APTs) sponsored by nation-states.
Why do cybersecurity breaches happen?
In general, cybersecurity breaches happen due to insufficient controls, and human error is often involved.
It's important to note that no institution can claim absolute security. While threats and malicious actors are beyond an organisation's direct control, what they can manage are their priorities and investments towards bolstering security.
To determine the best areas and methods for strengthening IT safeguards and cyber defence, it's essential for L&D - alongside IT professionals - to assess your organisation's security capabilities in terms of personnel, processes, and technology. Pinpoint the existing gaps and decide on the priorities that need attention.
It's crucial to understand that the human aspect plays a significant role in cybersecurity vulnerabilities. Cyber attackers are adept at manipulating human psychology through social engineering.
They employ increasingly advanced methods to deceive individuals into engaging with harmful content. So, equipping employees with the right knowledge and tools to counteract these tactics is essential.
Essential cybersecurity skills
- Risk assessment: Identifying and ranking potential vulnerabilities.
- Incident response: How to handle and mitigate a security breach.
- Penetration testing: Ethically hacking systems to find vulnerabilities.
- Knowledge of OS: Windows, Linux, and macOS, with their respective vulnerabilities.
- Network security: Safeguarding a computer network infrastructure.
- Cryptography: Understanding encryption and secure communication methods.
Cybersecurity training modules & areas of focus
Cybersecurity training should not be rolled out in a one-size-fits-all manner. It needs to be tailored to the roles and experience levels of your employees and partners. Otherwise it’s unlikely to be engaging or understandable, and both issues are barriers to knowledge retention and behaviour change.
At a very basic level, the training could be considered across 3 broad groups:
1. Beginners - ideal for onboarding and refresher training for all employees:
- Basics of cybersecurity
- Introduction to networking
- Operating systems security
- Basic cryptography
2. Intermediate - for those that use various technologies in their roles:
- Cloud security
- Mobile security
- Application security
- Incident response & forensics
3. Advanced - for IT departments, especially if they support large organisations:
Advanced threat intelligence
Machine learning & AI in cybersecurity
Blockchain and cybersecurity
Cybersecurity best practices
While the cybersecurity training required for your organisation will be unique to your technologies, sector, employee make-up and even culture, the following best practices must be components of it:
- Regular updates: Ensure all systems and software are regularly updated.
- Multifactor authentication: Implement MFA wherever possible.
- Backup: Regularly backup data and ensure it's encrypted.
- Awareness training: Constant training for staff to recognise threats.
- Incident response plan: Have a plan ready in case of breaches.
How to engage learners on dry cybersecurity topics
Making dry topics like cybersecurity engaging during training can be a challenge, but with creativity and the right strategies, even the most mundane subjects can become interesting - even fun!
Here are some ways to make any learning content more engaging:
Everyone loves a good story. Relate the material to real-world scenarios or use anecdotes that make the topic more relatable.
Turn the topic into a game or an interactive session. Use quizzes, polls, and group activities to encourage active participation.
Use charts, graphs, infographics, and videos. Visual content can make complicated and dry topics easier to understand and more engaging.
Analogies and metaphors:
Relate the topic to something more familiar or exciting. For example, explaining a complex process can be made easier by likening it to a more familiar process.
Break it down:
Divide the topic into smaller, more digestible chunks. Short sessions with breaks in between can help maintain attention.
Show them how the topic is used in real life. If possible, bring in experts from the field or take them on field trips.
Allow learners to apply what they've learned in a practical way. This could be through labs, simulations, or role-playing activities.
While it's essential to remain professional, a little humour can go a long way in making a dry topic more enjoyable.
Feedback and discussion:
Allow for open discussions where learners can share their thoughts, experiences, and questions related to the topic. This interaction can often lead to deeper understanding and interest.
Diverse learning methods:
Recognise that people have different learning styles. Some may prefer reading, while others might be more engaged by listening or doing. Incorporate a mix of methods to cater to different learners.
Use technology like interactive e-learning platforms to make the learning experience more immersive.
Instead of just presenting facts or theories, use case studies to show how the topic applies in real-world scenarios.
Rewards and recognition:
Rewarding learners for their achievements, no matter how small, can motivate them to engage with the topic.
Challenge and competition:
Introduce elements of challenge or competition. This can be done through games, quizzes, or debates.
Remember, the goal is not only to transfer knowledge but to create an environment where learners are motivated to engage, understand, and retain the information. The key is to understand your audience and tailor your approach based on their needs and interests.
- Quantum computing: Will pose new challenges and opportunities for encryption.
- 5G networks: Will introduce new network vulnerabilities, as connectivity becomes ubiquitous.
- Remote work: Continued growth in remote work will present unique security challenges. Most large organisations now have a number of remote workers, and a hybrid workforce is becoming increasingly commonplace.
Want to improve cybersecurity awareness in your organisation?
In a world that's more connected than ever, cybersecurity remains a paramount concern. As threats evolve, so must our defences. Continuous training, awareness, and proactive measures are the only way to stay ahead of hackers and cybersecurity threats.
As an L&D professional, it’s essential that you consider both new hires and experienced employees engaged and up to date with cybersecurity training, in order to protect both them and your organisation.
Achieve lasting cybersecurity awareness with our award-winning modular learning journey. Cyber Crime Time is the world's most exciting cybersecurity awareness training programme.
Learn more about Cyber Crime Time here: