Rohyt Belani, CEO and co-founder of PhishMe, reacts to AXELOS' study (https://www.axelos.com/news/uk-organization-cyber-awareness-needs-to-enter-21c), which claims that UK organisations’ cyber security awareness learning needs to enter the 21st century:
"The breaches and malware infections experienced by organisations on an alarming scale are testament that organisations are failing to harness the power of their strongest defence - employees," explains Rohyt Belani, CEO and co-founder of PhishMe. "While AXELOS' study highlights a key problem with the current approach, training alone is not the answer. Standard online training modules can actually disengage employees from the issue you’re trying to resolve because they are typically boring and out of context, allowing employees to ignore or quickly click through without engaging with the security content being offered. Great for checking a compliance requirement, but completely ineffective in changing behaviour.
"Instead, companies need to condition their staff’s behaviour and engage and empower them to be part of the solution. Immersive programs are key to providing instant learning opportunities, and real-world examples provide the needed experience around threats to avoid. Getting a human eye on the frontline of an organisation’s overall security strategy provides the highest fidelity intelligence possible – after all, modern scams are devised by people, so it takes problem-solving brains like those of the workforce to spot them.
"With a behavioural conditioning program, organisations can check staff's awareness by simulating attacks, congratulating success and providing follow-up materials for those found vulnerable. This reinforcement, provided at the point of susceptibility, will be far more memorable than a click-through training session or booklet received out of context. Conditioning employees to act as human sensors will greatly reduce the organisation’s attack surface."