Please don’t send me to cybersecurity training

You clicked on a bogus email, and you should’ve known better. Now you’re going to cybersecurity school.

Huh? I don’t want to go.

Talk about engaged students. But sadly, that’s the case at many organizations that penalize employees for clicking on a phishing email — they sign them up for security awareness training.

You can’t blame them, though: 91% of cyberattacks and the resulting data breach begin with a spear phishing email, according to a 2016 report from PhishMe. Meaning, the overwhelming majority of hacks are initiated by employees clicking on emails containing some form of malware.

Need for cybersecurity education rises

The need for cybersecurity employee education is on the rise. Cybersecurity Ventures predicts the security awareness training market will grow from $1 billion in 2014 to $10 billion by 2027.

The massively expanding human attack surface is currently at 2 billion-plus people online, and Microsoft expects that figure to reach more than 4 billion by 2021. Every person is a candidate for security awareness training.

Today, employees at organizations of all sizes globally are being trained on security. In the future, the market may see individuals signing up for their own training, pre-employment, positioning themselves as cyber-aware job candidates.

There’s a shifting dynamic in the security awareness market, with numerous vendors helping employers to position training programs as something more than a perceived punishment.

Unique security awareness training programs and tools

Interesting offerings from security awareness training vendors:

• Digital Defense got creative and developed their SecurED training program in collaboration with award-winning Hollywood comedy writers. Laughing may prove to be the remedy for boring security classes.

• Inspired eLearning’s Security Awareness for the C-Suite turns clueless CEOs into cyber-aware executives, who are then more likely to engage their employees to follow.

• KnowBe4 has filmed and productized Kevin Mitnick, the world’s most famous hacker, into the computer-based-training (CBT) industry’s leading man. For employees, it’s like going to the movies.

• MediaPro provides employers with an eBook and toolkit that explains how to create engaging content — the meat of a successful security-awareness training program.

• Phishline doesn’t stop at Phishing. They help organizations train their employees with Vishing (voice mail simulations) and Smishing (SMS/text phishing simulations).

• PhishMe’s simulated phishing training turns employees into human firewalls by launching seemingly real phishing attacks on them over and over again. Who wouldn’t want to be called a human firewall?

• Terranova helps organizations build a culture of security with unique post-training tools such as customizable newsletters that organizations can use to embed security into the mindset of their employees.

• Wombat Security provides everyday tips that employees can relate to — such as improving their own data privacy, shopping safely online, and even dealing with security vulnerabilities in cars.

With a growing phishing epidemic, employers need a hook to engage their employees on security awareness training. What’s yours?

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.