Why is story telling vital to raising cyber security awareness?
Pooja Shimpi ??
Founder SyberNow | ??2 x Global 40 Under 40 in Cybersecurity | Award Winning ??DEI Advocate | CISO | Speaker | CISSP | Expertise in Cybersecurity Awareness | Judge for Reputed Cybersecurity Awards
Well, let’s face it – the cyber crooks are spinning tales to cheat. Check out the below article and you will know how cyber criminals used storytelling to cheat unsuspecting people. In this case, it was the widely nationally publicized event of the Ayodhya temple inauguration.
Why haven’t we been able to stop such crimes?
One school of thought would be, that these victims had no clue i.e. they did not have much awareness related to such threat vectors. But there exists so much material which has been talking about the same threat vectors over and over again. Phishing, SMShing, Quishing, Vishing, it’s all out there – practically on all channels – newspapers, social media, chat messengers, TV channels, radio, etc. etc.
Then why we still keep falling victims to the same scam over and over again?
Sometimes, the most perplexing question has a simple answer. But in this case, it’s likely that we are not asking the right question.
Instead of asking “why we haven’t been able to stop these crimes”, we should rather be asking “why these criminal tactics have been so successful” not just in India, but everywhere in the world.
And the simple answer is – the usage of effective storytelling.
With beautiful stories woven into plots, that thicken with each layer – criminals today are not just manipulating people’s emotions, they are having a ball. They are no longer amateurs in storytelling, they are the true experts.
How do we make humans the strongest defense?
One thing we should definitely NOT continue doing is, to keep serving people with boring content that supposedly raises awareness.
In fact, such content is doing more harm than good. It does not make people or organizational employees more aware; it causes fatigue and low productivity.
The true antidote to the cyber criminals’ stories churning victims after victims, is to give awareness content that tells stories.
People are smart, they learn faster and retain better with stories.
?What’s storytelling in cyber security awareness?
This is what a Chief Information Security Officer (CISO) told me recently –
“The cyber criminals are offering a complete Bhelpuri to their potential victims while we are offering them boiled potatoes when it comes to awareness trainings. It just does not add up!”
And boy, is that true! Criminals are mixing the murmura of social engineering, mingling it with diced onions, boiled potatoes, and tomatoes of social media, poisoning it with hot chutney of threat vectors such as ransomware & malware, adding in just the right potion of tangy tamarind sauce of cultural aspects, and topping it up with thin crispy sev of emotions. And then dressing it up with “disguised” green coriander that makes the already lip-smacking snack look even more sumptuous.
A delicious bhelpuri makes the potential victim’s mouth water and they readily lap it up – unknowing of the poison that has been injected into the mix. Let’s call this “Bhelpuri-as-a-crime”
And what do we offer in terms of awareness programs? Plain definitions - that are nothing more than – well, you guessed it right. Boiled Potatoes!
Would a person jump upon a delicious bhelpuri or savor the boiled potatoes that we offer them? It’s an easy guess that the cyber criminals offering bhelpuri-as-a-crime win big time. Appealing stories are as good, if not better than a delicious bhelpuri. If we have to beat cyber criminals in their game, its time we dish our content that are as appealing as a delightful bhelpuri.
So, what’s the way forward?
Cyber Security awareness trainings need to evolve. The existing trainings no longer make sense – be it power point presentation, motion-graphic based videos, instructor led trainings – all fail to cope up with the real need of the hour.
And the way we can change this is by storytelling. We are glad that at SyberNow we are leading by example.
Let’s face the truth – in today’s digitally immersed world, everyone including corporate employees have gigabytes & terabytes of 4K & Full HD content to choose from. Even the news is made in an entertaining format so that they can engage audiences. Then, isn’t it a surprise that we are still subjecting people to uninspiring content that fails to engage, leave alone training in concepts of cyber security awareness?
Teaching definitions is old school. Remember that scene from 3 Idiots – where the professor asks definition of a machine, and Rancho describes it in, well a pretty much non-definitional way! The professor is undoubtedly ticked off, as the response doesn’t make sense to him (from an examination point of view).
Well – the fact is, we still subject adults to similar type of classroom content full of rote-learned definitions – that even the kids don’t pay attention to anymore. This is true even in security awareness trainings.
And then there are expectation that employees to smartly identify phishing simulation emails. They will surely fail. Why? Because they have simply never learned how cybercrimes operate! All this while we have been teaching them boring definitions (this topic requires a dedicated article, stay tuned)
Hence, there is an urgent need to change the way we approach awareness trainings. It’s high time we train in the right and storified way, cause if we don’t – people including organizational employees will keep consuming the delicious bhelpuri churned out by cyber criminals. Because as of today, the cyber criminals are the smartest story tellers.
So, what is storytelling in security awareness?
Storytelling is the art of using characters, culture, voices, soundtrack, woven into narratives inspired by real world cyber-crime, and presented as short films.
It serves as a purpose of entertainment, education and exploration of complex ideas.
Effective storytelling captivates the audience, evoke emotions, and leave a lasting impact on individuals, societies and organizations with respect to raising security awareness. It helps build a solid cyber safety culture.
-by Pooja Shimpi & Sameer Gemawat
SyberNow
?
?
Cybersecurity & Legal Tech recruiter | UK, Europe & USA | InClusive InCyber networking breakfasts for Women in Cyber I Get access to exciting new opportunities & the best IT Security & Legal Tech talent
9 个月couldn't agree more Pooja Shimpi ??. It's crucial to engage the audience and the best companies are using creative techniques (principally story telling) to help their staff understand the importance of good cyber hygiene
Cyber Security startup Advisor at SecComply|Co-Founder & Chapter Lead for FutureGpt Pune/Mumbai | Awarded women influencer in cloud Security| Securing the world's best startup
10 个月Super
B2B Cybersecurity Content Specialist | 4X Cybersecurity Awareness Champion | Writer at Medium & HackerNoon | CySec Writer| B2B Technical Writer | Making Tech interesting for SMBs and Startups
10 个月Storytelling has been a part of human evolution since time immemorial; earlier, our ancestors used their oratory skills to pass on the learnings through storytelling to the younger generation; now, there are books written to learn from them. But somewhere along this, we forgot the value of good storytelling skills and adopted the rote-learning pattern. Today, the need is to serve each individual what they prefer now, which can be a mouth-watering bhelpuri or sev-puri. Or it can be something more elaborate, like dum biryani cooked slowly. A great write-up guys.
The famous 3Idiots scene "What is definition of a machine?" - https://www.youtube.com/watch?v=DKzBmRRdPXo
Business and Operations Intern at Vesatogo Innovations.
10 个月Nice article ??