“Education is not the learning of facts but the training of the mind to think.” – Albert Einstein
Almost three-quarters of organizations have been the victims of phishing attacks within the last year, according to the Insider Data Breach Survey 2021 from Egress.
At the same time, 74% of organizations have had a data breach within that same time frame that was caused by an employee breaking the company’s own cybersecurity rules. As it turns out, employees are forgetting their way into cyberattacks and it is costing companies to the tune of millions.
Cybersecurity Is Still a Threat
Even with all the cybersecurity training and awareness today, human error is still the largest cause of cybersecurity issues by a long shot, accounting for 84% of them.
These are not malicious insider attacks, but mistakes made by employees who either are not able to spot security threats or who are not following cybersecurity protocols. This gets even more complicated with the large-scale shift to remote work.
In a separate survey by TalentLMS, 69% of survey participants stated that they had been trained in cybersecurity by their employers. At the same time, however, 61% of those same people failed a basic security quiz. Why is this happening?
Unfortunately, forgetfulness plays a huge part in security breaches. The Curve of Forgetfulness is a learning theory that shows how people tend to forget a majority of what they hear during lectures and training exercises. Within 7 days, they may only remember 2-3% of what you taught them in a cybersecurity lecture!
However, this theory not only shows us the problem, but it also offers an effective solution.
Reviewing the material you learned and adding other related information increases retention. It also keeps the knowledge top of mind, making it easier to rely on in day-to-day life and work.
In the case of cybersecurity, this could mean the difference between someone falling for an email phishing scam and recognizing and reporting the threat.
Making Cybersecurity Training More Effective
While malicious parties are constantly innovating and coming up with fresh ways to steal data or gain access to secure systems, employees are often trained once a year at most. Some employees may only receive one training session when they onboard, with sporadic training after that. Meanwhile, 6.95 million new scam and phishing webpages were set up in 2020 alone.
No matter how many tools your company uses or security protocols you develop, cybersecurity training is still needed on an ongoing basis. To have a strong security foundation in place, employees must be viewed as a major part of your security structure.
Since people are ultimately the targets for scammers, they need to be well prepared to handle cyber threats as they come. If people are not reminded to be vigilant and are not taught how to spot new scams, they are more likely to make mistakes. Without a basic understanding of good cybersecurity practices, an overreliance on tools can actually cause your employees to have a false sense of security that promotes carelessness.
People are a central part of cybersecurity. Your security network is only as strong as its weakest link. With ongoing cybersecurity training and regular updates about new threats, the people in your organization can be better prepared to avoid scams.