Organisations expanding cybersecurity training to include customers

Issue 8 2022 Training & Education

Enterprise organisations are taking security awareness to the next level. Knowing that even the best technology can only successfully repel a potential cyberattack 90-93% of the time, it is now a mandate of many companies to give employees the training and education they need to prevent them from clicking on something they should not.

Having seen remarkable success in behavioural-based cyber training programs, many are also looking beyond their digital perimeter and providing similar education to members and customers.

These new methodologies are capable of drastically reducing human error-related breaches, using an approach that involves understanding the psychology of each learner and providing training to which they can relate.

This is particularly important as phishing, and other scams, grow in sophistication. Organisations are increasingly looking to customers and members as partners in the pursuit of reducing attacks, which have exploded globally into more than 6 trillion dollars in losses annually.

Human behaviour as a strength

For a long time, the human factor has generally been spoken of as a ‘weakness’ or ‘vulnerability’ in the defence of an organisation’s network, but some are beginning to frame it differently.

“I think humans can be a great strength in cybersecurity,” explains Kin Lee-Yow, chief information officer of the CAA Club Group (CCG), the largest automobile club in Canada. “And a strong cybersecurity defence is crucial, not just on an enterprise level, but for people at every level.”

CCG, which admittedly is ‘obsessed’ with the safety of its more than 2.5 million members, discovered that many of them do not know where to turn when it comes to learning about online safety. According to a study they conducted, 62% of members know someone, or have personally, experienced a privacy or data security breach. One-third, personally experiencing a breach, thought it could have been avoided with better awareness and education.

“If everybody were more knowledgeable and better trained on what to look for from these cyberattacks, then I think overall, the hackers would have less success, and that would probably discourage at least some of the activity,” says Lee-Yow.

A new psychology

In an effort to foster a security-aware culture among employees, there has been a shift in thinking. Instead of using generic, one-size-fits-all lessons, the new method focuses on educating the right person at the right time in the right way to instigate change in behaviour.

“The first step in the CyberconIQ training we use is to understand your personality profile,” explains Lee-Yow. “Do you tend to follow rules or are you maybe a little bit of a risk taker? Everyone is going to be vulnerable in different ways. So, the training has to match up with that.”

CyberconIQ was one of the first companies to merge psychology, cybersecurity, and machine learning to develop a customised approach for each employee. By providing awareness of key motivating factors that drive underlying online employee behaviour, companies can greatly reduce the chances of someone falling for a scam and compromising the network.

“I think these companies are beginning to understand that if they have members or clients, they have at least some responsibility to help protect them as well,” says Jessica Gutierrez, director of learning design and development at CyberconIQ.

The paradox of enterprise security

Large corporations and financial institutions are both the most secure as well as the most vulnerable to a cybersecurity attack. This can be explained by the fact that these organisations typically deploy the latest security technology to protect their perimeter, yet are only as secure as their least-aware employee is.

Of particular danger are the increased instances of phishing, which the 2022 IBM X-Force Threat Intelligence Index noted makes up 41% of all attacks. With the 7-10% gap in one’s firewall that technology simply cannot close, there is a 100% statistical probability that every employee will eventually come across some form of novel threat – be it in an email, chat, or weblink. They will need to identify it as such and know how to best deal with it.

Ultimate goal: raise the bar

The inclusion of customers in an awareness programme has additional advantages. For example, it can protect or even improve a company’s reputation. It can also prevent the business from attack by a third party with lax security. The notorious Target security breach of 2013 occurred when a vendor fell for a phishing email; the thieves were able to access Target’s network through the vendor’s account.

“Our members told us they wanted help in better understanding cybersecurity,” remarked Lee-Yow. “We felt we could fill this gap by offering relevant and timely training.”

This is part of a strategy to combat phishing and hacking on a larger scale; the hope is to thwart attacks by making as many people as possible aware of bad habits by educating them in a way that actually changes behaviour.

“The fewer people that are susceptible to cybercriminals, the better for all of us,” Gutierrez concluded.

Find out more at https://cyberconiq.com/




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Value and industry insight
Securex South Africa Training & Education News & Events
Securex South Africa 2025, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, drew thousands of security professionals from across the continent and beyond, offering a platform for networking, product discovery, and knowledge sharing.

Read more...
Gallagher Security achieves ISO 27001 recertification
News & Events Training & Education
Gallagher Security has successfully achieved certification to the updated ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS). This accomplishment builds on previous certifications and reflects a continued commitment to the highest standards of information security.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
Strong industry ties set Securex South Africa apart
News & Events Training & Education
Securex South Africa, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, is a meeting place of minds, where leading security, safety, fire, and facilities professionals come together, backed by strong ties with the industry’s most influential bodies.

Read more...
Gallagher Security expands Digital Badge Programme
News & Events Access Control & Identity Management Training & Education
Following a successful launch and roll out across Australia and Papua New Guinea in 2023, Gallagher announced its Digital Badge programme is now available to channel partners and end users across the rest of APAC IMEA.

Read more...
The need for integrated control room displays
Leaderware Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...
The need for integrated control room displays
Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.