Outmoded Training Methods Fueling Ever-Increasing Cyberattacks

Share Article

COVID-19 has forced millions to work from home; meanwhile, the rate of data breaches, ransomware demands, and other cybercrimes has climbed dramatically—yet employee training remains outmoded, over-commoditized. For companies to defend themselves, says Stronger International, a new approach to employee training is needed.

Recent studies show a 238% increase in cyberattacks against banks and a 667% increase in phishing schemes.

In today’s world, it is essential to provide employees with the information they need to help prevent cybercrime, and to provide it in ways that ensure the employees remember and make use of it.

Heather Stratford, CEO of cybersecurity firm Stronger International, notes that 2020 has been a good year for cybercriminals. Recent studies show a 238% increase in cyberattacks against banks(1) and a 667% increase in phishing schemes.(2) On the ransomware front, there has been a sevenfold increase in attacks(3), and the average ransomware payment has increased by a third, to $111,605.(4) Meanwhile, business leaders agree that the single largest cybersecurity risk to U.S. businesses is employee negligence, such as accidental loss of a device or a document.(5)

“The problem isn’t really lack of employee training,” says Stratford. “There’s a lot of cybersecurity awareness training going on. The problem is that much of it doesn’t accomplish anything.”

A recent study conducted by Forrester Consulting, for example, found that while 59% of surveyed security and IT managers thought their security compliance training was adequate and effective, more than half of surveyed employees disagreed. More than one-third of surveyed employees who had attended security awareness and training (SA&T), in fact, still admitted to disregarding security policies.(6)

One key reason for this disconnect, says Stratford, is that they rely on outdated content delivery approaches such as lengthy presentations followed by assessment testing. This, she says, is not how today’s workforce processes information. Research shows that today’s typical employee works on a task for about 11 minutes before being interrupted by a phone call, an email, or a co-worker. Within that span of 11 minutes, he or she engages in multiple short, quick tasks that average about three minutes each. If the task involves consuming digital information, the average worker spends just 20 seconds on one piece of content before moving on to the next.(7)

For such employees, notes Stratford, microlearning, which involves breaking content into bite-size chunks and testing learners on each small piece of information, results in deeper engagement yielding better results than traditional training methods. In a study conducted by Dresden University of Technology, students taught through microlearning showed a 22% greater retention of information than a control group given traditional training on the same material. In addition, the microlearning group took 28% less time to answer questions and performed 8% better on a comprehensive exam covering all the material.(8)

A highly effective approach in today’s cybercrime-threatened workplace, says Stratford, would be to combine microlearning with gamification, which involves the application of typical elements of game playing (point scoring, competition with others, rules, etc.), to cybersecurity awareness training. Contemporary workers, a large percentage of whom are members of the much-studied millennial generation, she notes, respond extremely well to gamified material, not only in terms of content retention, but in their overall relationship to the organization.

In a 2019 study of employees whose work involved the use of apps or software that incorporated elements of gamification, 83% of those who received gamified training said they felt more motivated by it; 61% of those who received non-gamified training, on the other hand, said it made them feel bored and non-productive. When asked in which category of app they would like to see more game-like effects, the largest contingent—33%—selected training software.(9)

“In today’s world,” says Stratford, “it is essential to provide employees with the information they need to help prevent cybercrime, and to provide it in ways that ensure the employees remember and make use of it.”

Properly applied, gamification and microlearning are tools that can make a significant difference not only in employee engagement and satisfaction, but in overall corporate security. Stratford claims the industry has gotten lazy— over-commoditized, competing only on price, and even lowering the price so low to shut out the competition that it has created a real imbalance.

“Microlearning gamification will be the paradigm shift that will remove fear-monger selling and the commodity trap for the entire industry,” she continued. “A little personal touch is going to go a long way.”

About Stronger International
Stronger International began in 2015 under the leadership of Founder and CEO Heather Stratford. Located in Spokane, WA, Stronger has quickly grown into an internationally respected provider of high-risk cybersecurity consulting, corporate training, and cloud-based educational programs for corporations, educational institutions, government, and military organizations. Stronger International empowers firms to create stronger, more efficient, and more secure cultures. Stronger has partnered with colleges and universities, local and state governments, and holds a Federal GSA contract. For more information, visit https://stronger.tech.

1.    Osborne, Charlie. “COVID-19 Blamed for 238% Surge in Cyberattacks against Banks.” ZDNet, 14 May 2020, zdnet.com/article/covid-19-blamed-for-238-surge-in-cyberattacks-against-banks/.
2.    Schwartz, Samantha Ann. “Coronavirus Phishing Attacks up 667% since February, Research Finds.” CIO Dive, 26 Mar. 2020, ciodive.com/news/phishing-email-malware-coronavirus/574888/.
3.    Palmer, Danny. “Ransomware: Huge Rise in Attacks This Year as Cyber Criminals Hunt Bigger Pay Days.” ZDNet, 9 Sept. 2020, zdnet.com/article/ransomware-huge-rise-in-attacks-this-year-as-cyber-criminals-hunt-bigger-pay-days/.
4.    “Ransom Payments Up 33% In Q1 2020; Sodinokibi and Ryuk Tops the List.” Cyber Security Magazine, 5 May 2020, cisomag.eccouncil.org/ransom-payments-up-33-in-q1-2020-sodinokibi-and-ryuk-tops-the-list/.
5.    “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC, CNBC, 21 June 2018, cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.
6.    “New Survey Reveals Cybersecurity Training Is Missing the Mark as Employees Work around Company Security Policies.” GlobeNewswire News Room, "GlobeNewswire", 3 June 2020, globenewswire.com/news-release/2020/06/03/2042632/0/en/
7.    Gutierrez, Karla. “Numbers Don't Lie: Why Microlearning Is Better for Your Learners (and You Too)”, shiftelearning.com/blog/numbers-dont-lie-why-bite-sized-learning-is-better-for-your-learners-and-you-too.
8.    “Why Microlearning Drives Over 20% More Information Retention Than Long-Form Training.” Monika Schlatter Bildungsberatung & Learning Design, 24 May 2020, relatris.ch/2016/04/30/why-microlearning-drives-over-20-more-information-retention-than-long-form-training/.
9.    “Gamification at Work: The 2019 Survey Results.” TalentLMS Blog, 15 Jan. 2020, talentlms.com/blog/gamification-survey-results/.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Karla Jo Helms

Daniel Mutter
Follow >
Visit website