Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience
Most cyber awareness platforms have content libraries which rival Encyclopaedia Brittanica in size: tutorials, articles, games and even Netflix-like video content... IT managers can simply pick out a lesson and send it to their co-workers. But data proves this approach doesn’t cause cyber incidents to decrease. In this blog, I’ll explain why that is.
In their early days, when Phished’s sister company Bringme wanted to cultivate its employees’ awareness of cyber threats, our prop-tech company partnered up with a well-known cyber awareness platform. But Bringme’s executives quickly identified some key problems in relying on their massive content library:
- From the library, the IT manager chose content at his sole discretion based on previous cyber security events. But as it turned out, those were not a good predictor of what kind of events would occur in the future.
- Since an overall learning path was lacking, there were no final tests that adequately probed whether employees really had absorbed all the information presented to them.
- The exercises jumped from topic to topic and offered no examples of day-to-day recognizable workflow threats; let alone security best practices on how to change behavior. How, then, could employees possibly be expected to know how to implement these learnings?
Result: The number of cyber events remained the same. The only thing that decreased was the money in the bank.
"The fact that a training platform offers a massive content library doesn't necessarily mean it's effective. The only thing that truly changes employee behavior is a holistic platform with personalized training tailored to the user." - Jo Vandebergh, CEO Phished
When I became CEO at Phished and started talking to potential customers, I heard that same story countless times: IT managers would try to educate people on cyber threats, using content from their cyber awareness platform’s giant content library, only to discover that this material was way too vague to ever change people’s behavior - allowing cyber incidents to keep occurring.
That’s why at Phished, I introduced a completely different approach. We founded the Phished Academy and designed a clear training path with bite-sized training sessions, featuring real-life working situations along with security best practices and policies to easily implement in your organization. At the end of each level, your co-workers' knowledge is tested and rewarded with a certificate. I’m personally involved in this creation process, and we continually adjust our training sessions based on feedback from IT managers and users. That’s how you change human behavior.
What’s more, we created these training sessions not only with the help of cyber security experts, but also with dyed in the wool operational managers and team members from different fields (legal, finance, marketing, etc.). That way, you get the best of both worlds: a cyber resilience training which adheres to the most recent security standards and a holistic education program which covers all topics within your organization.
Jo Vandebergh
CEO Phished