Meeting minimum standards in cybersecurity is not enough today. A shift from the feeling that cybersecurity is the problem of the IT department, to a culture and attitude that we are all responsible to protect our organization is achievable. Microlearning can be a powerful tool to accomplish this shift that is needed right now. "It's about time microlearning is adopted into the compliance and cybersecurity world. Businesses need better behavior by all employees and microlearning is the key to solving the people issue in cybersecurity." Heather Stratford - Founder and CEO of Drip7 Inc.
SPOKANE, Wash., Jan. 17, 2023 /PRNewswire-PRWeb/ -- As cybercriminals up their game, becoming more sophisticated and frequent in their attacks, companies need to move beyond meeting minimum standards in cybersecurity. Annual minimum training requirements are not enough in the current environment and using microlearning might be the solution.
The Pandemic increased the cyber attack rate to unprecedented levels. Currently, there are 97 victims to data breaches every hour.1 Cybersecurity needs to be in the top 3 priorities for any business leader this year and using microlearning might help businesses create the changes they need to reduce their risks of a breach. Meeting minimum standards in cybersecurity is not enough in 2023.
We are currently in a shifting environment of regulations. Some industries are being mandated to train and increase cyber protocols, while others still have only voluntary goals.2 The two major regulations passed in 2022 the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and the US Securities and Exchange Commission (SEC) cyber reporting rules update are both having ripple effects through the business world.3 Businesses from new industry areas are scrambling to meet low base cybersecurity standards.
The real problem is that brief traditional yearly training on cybersecurity topics is quickly forgotten by employees. Basically, minimal compliance is not security.4 And leaders are struggling to figure out how to quickly increase training and engagement and understand changing regulations.
Just as a patient wouldn't want a surgeon operating on them who only met minimum standards, the lowest level of competency or annual compliance is not ideal. Both cybersecurity prevention and resilience are needed in today's business environment. There will always be a debate as to whether legislation and setting standards is the best way to improve behavior– when it comes to cybersecurity why is the lowest bar still what is being argued over.
Many CISOs are becoming more proactive and shifting their budget to further address the people part of cybersecurity no matter what the regulations ask for. The consequences of a significant cyber incident can far outweigh the perceived cost to invest in training an organization's staff. Richard Clarke, a National Security expert and author said it best, "if you spend more on coffee than on IT security, you will be hacked. What's more, you deserved to be hacked."5
In terms of prevention, people are a security risk, at every level of an organization. Organizations can shift to a culture of ownership and a security attitude allowing everyone to be part of the solution. Heather Stratford, founder and CEO of Drip7 a cybersecurity microlearning platform says, "empowering employees with knowledge is critical to a cybersecurity culture. Frequent reinforcement and consistent training is the key."
Hermann Ebbinghaus was a psychologist who pioneered research on memory and the discovery of the forgetting curve.6 The forgetting curve is impacted by repetition and learning in more frequent intervals. Only 20% of training information is remembered after 30 days without reinforcement. Stratford states, "Drip7 is a new type of gamified microlearning platform that gives organizations the tools to help increase learning and retention in cybersecurity and compliance."
Consistent cybersecurity training for many organizations means daily or weekly training. Training given and received daily allows employees to keep the most critical information top of mind. The Brandon Hall Group research survey found that "microlearning actually increased by 40% during the pandemic."7 Microlearning is the key to helping employees remember and use their training when it matters most.
Stratford said, "it's about time microlearning is adopted into the compliance and cybersecurity world. Businesses need better behavior by all employees and microlearning is the key to solving the people issue in cybersecurity." Microlearning platforms are now available for managers to track progress metrics and customize content for the needs of the organization.
Ultimately, the overall goal is to educate the workforce in being the first-line of defense for cybersecurity. The more knowledge and reinforcement workers have at all levels, the stronger the defense and the lower the risk. This does not reduce the need for the IT department to build first-rate firewalls and other cybersecurity protocols. Organization's need both. In this case Lower is better. Lower risk - just not being okay with a low standard.
Drip7 is a leading innovator in the field of cybersecurity awareness training and beyond with an easy-to-use, mobile-based platform utilizing microlearning and gamification to increase employee engagement and create behavior change. Drip7 combines the right science and content to produce a superior training platform, from one question or "drip" a day to allowing employees to train when and where they want on their phone or computer, Drip7 engages users with an interactive dashboard, rewards, badges, and more. Included training is focused on cybersecurity and compliance; however, the platform can be customized by a company for any training need. For more information, please visit https://drip7.com/.
Deb McFadden, Drip7, 2038564046, [email protected]