Cybersecurity Considerations: Improving Cybersecurity Culture in Your Organization
Building a truly effective cybersecurity awareness training program that changes user behavior is hard, especially in an ever-evolving threat landscape. NINJIO COO & CISO Matt Lindley spoke with PrivacyEngine CISO Mike Morrissey about the state of cybersecurity awareness training and why NINJIO’s solutions meet the needs of today’s workforce. Here are some highlights from their conversation:
- Storytelling drives engagement and learning. Learners are engaged and paying attention when there’s a story to hear, rather than a lecture to tune out. That’s why NINJIO’s training is based on real-life hacks paired with Hollywood-style storytelling for an experience that sticks with the user and ultimately changes their behavior to keep them safer online.
- Frequency is crucial. We know that frequency is one of the key elements of an effective cybersecurity awareness training program. To truly change behavior, users need frequent reminders and tips across different content styles. Your training should meet the learner where they are.
- Cybercriminals are becoming more effective. We know that cybercriminals continue to launch attacks against people because they’re the easiest targets, with the vast majority of breaches involving human error. Users are still perceived to be the weakest links in your organization’s cyber defense, so equipping them with the knowledge and tools to resist attacks goes a long way to staying secure.
- A Culture of Cybersecurity is key. For a cybersecurity awareness training program to be most effective, there needs to be an organizational effort to weave that awareness into the workplace culture. That involves buy-in from all levels of an organization, from the board and C-Suite to the frontline worker, and across all teams and business units. The CISO may lead that effort, but it takes the whole company.
- Training shouldn’t be completely technical. There are two fundamental categories of awareness training topics. The first is technical: What is ransomware? What does Business Email Compromise look like? These training topics deal with the details. The second category deals with behavior and how people process information. These training topics work to overcome a user’s prior disposition and teach them to be more skeptical of digital communication rather than trust every email that lands in their inbox. Changing those non-technical behaviors establishes a stronger baseline for cyber defense.
If you’re interested in taking your cybersecurity awareness training program to the next level, we’d be happy to help.