Scott's Human Cyber Security Insights for August 10, 2024

Hello Cyber Champions!

This week, I cover new tips for building your security program and the latest cyber headlines. Here's the breakdown:

- The pitfalls and opportunities of Microlearning

- Ransomware severity is growing in 2024

- Live Cyber Security Awareness panel session on Microlearning

- Your summer reading assignment: The Quarterly CISO Report

- Rottenphish: Not everything should run like clockwork, including phishing tests

1) Tip of the Week: The pitfalls and opportunities of microlearning

When it comes to cyber security awareness, just like with foundational courses, retaining staff's focus and attention can be challenging.

Microlearning helps you break up the course-load into bite-size pieces of content, instead of one long learning session that is bound to lose employee attention. It's a great way to share small bits of knowledge more frequently with employees, and even to get them to hone their skills.

However, if your microlearning becomes too frequent or even constant, employee attention can become an issue once again.

This is especially true after many cycles of microlearning lessons (perhaps weekly), as people may start to "de-prioritize" or "zone out" the notification messages, and rationalize why they don't really need to do another one.

Finding the optimal formula and frequency for delivering ongoing microlearning content of varying types for cyber security awareness is important. Mixing it up a bit attracts attention, so you can keep employees engaged with the content without it becoming too routine for them.

Experiment with microlearning in your security awareness training program and see where the sweet spot is for your frequency and length of course content.

2) Cyber in the News: Ransomware severity is growing in 2024

Ransomware may be a bigger threat in 2024 than it was in 2023, despite earlier reports from some vendors that it is on the decline.

Rapid7 has tracked over 2.5k ransomware attacks in the first half of 2024. Doing the math, that's almost 15 publicly claimed attacks per day. This article in Security Week does a great analysis of the reported ransomware attacks of the year so far. There are some interesting patterns within ransomware groups and families. It's worth a read.

3) Live Cyber Security Awareness panel session on Microlearning

If you've ever taken an hour-long, online compliance training course, you'll know why they aren't the best way for employees to learn.

In our next live CSAF panel session on August 21st at 1pm EDT, we'll explore some of the best practices and pitfalls of microlearning within security awareness and human risk management programs. You can sign up HERE.


4) Your summer reading assignment: The Quarterly CISO Report

Want to step back from the noise and operational firefighting? The Click Armor team has your back!

Get the ultimate strategic recap on the latest insights on security awareness and human risk management, in our Quarterly CISO Report. This report was distilled from transcripts of our CSAF sessions in Q2 of 2024, and covers the biggest challenges (and their solutions) of the quarter, identified and addressed by top security experts.

The report is designed to be an easy read, but with deep insights that you can use in your own human risk management program. Download it HERE.

5) Rottenphish: Not everything should run like clockwork, including phishing tests

Perhaps your phishing tests are meant to be "monthly". But that doesn't mean they have to be at the exact same time every month.

Most organizations I know that do phishing tests don't do them on the same day every month. In fact, I don't know if they could manage to do that, even if they intended to... ;o)

If you want to use phishing tests to actually assess employees' ability to make good risk decisions, you do need to randomize the test timing somewhat.

One thing I see fairly often is tests being launched first thing in the day. This timing can also become predictable.

So, what do you think is the best timing for delivering phishing tests effectively?


About Click Armor...

The Click Armor platform is purpose-built to develop cyber confidence among employees. It uses interactive, immersive exercises and simulations to build a more resilient workforce through a more positive user experience and metrics.

Start moving your program from low-value, compliance-based training to be more focused on meaningful insights for employees, with targeted, role-based guidance using Click Armor's engaging, interactive content. We can also enable more effective remediation of your known employee security vulnerabilities, to support your Human Risk Management process.

Engagement enables better learning and attitudes

Of course, remediation requires engagement. If employees aren't engaged, they won't learn, and will remain vulnerable.

Click Armor is the interactive security awareness platform that enables fast and easy remediation of cyber security awareness issues. It engages employees, unlike anything you've seen before, to learn, retain knowledge and improve resilience to attacks.

Why is it more effective?

After 15 years of teaching security awareness, including running large scale live "phishing tests" on my customers' employees, I observed how people will use any excuse to "disengage" with awareness training. So, we created Click Armor to keep employees focused on learning, with a more rewarding and relevant experience.

Our immersive learning challenges and phishing exercises let employees face realistic email messages that may represent actual phishing messages, or legitimate ones. You can try our publicly available, "Can I be phished?" challenge HERE.

Find out how you can improve your team's cyber confidence while getting more employees through compliance training faster, strengthening your organization's security culture, and helping staff more effectively avoid phishing and social engineering attacks that target human vulnerabilities.

Make sure you are using the right tools to build a cyber confident culture, with a strong, positive and inclusive security training program.

If you'd like to see a quick demonstration of how Click Armor can be a key part of your human risk management program, check out this narrated video HERE.

Visit the Click Armor website at: https://www.clickarmor.ca


Maria S.

Cybersecurity & AI Strategist | Product Owner @ EKC | CEO @ Asterchat.ai | Operationalizing Cybersecurity & AI Strategies. Ask Me how to future-proof your success!

3 months ago

Thanks Scott Wright, CISA for another insightful post. The term "rottenphish" caught my attention! Keep it coming!
