The World Changed — Cybersecurity Must Catch Up with Radical New Training
The problem, Stratford says, is not just a lack of cybersecurity awareness training, but getting training that works to the people who need it in the way they will actually use it. Most training doesn’t actually accomplish anything, and the numbers prove it.
The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption can be devastating; 60% of small-and-medium-sized businesses close within six months of experiencing a cyberattack. (1) Meanwhile, the problem is growing rapidly especially because of changes due to COVID-19; global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015, reported by Cybercrime Magazine.(2) “Cybercrime is a global problem,” says Drip7 founder and CEO Heather Stratford, “but in every organization, there is a very local potential solution: a vigilant, engaged, and properly trained workforce.”
Over 90% of all cyberattacks, notes Stratford, are executed using information from employees who unwittingly give away their system ID and access credentials to hackers.(3) The problem, Stratford says, is not just a lack of cybersecurity awareness training, but getting training that works to the people who need it in the way they will actually use it. Most training doesn’t actually accomplish anything, and the numbers prove it. According to research from Forrester, she notes, over a third of employees who have had security awareness training still admit to disregarding security policies.(4) Microlearning, says Stratford, which breaks content into bite-size chunks, has been demonstrated to produce much better results than the traditional lecture-followed-by-a-test approach, both immediately and in terms of longer-range retention.(5)
An even more effective approach with today’s workforce, says Stratford, is a newly introduced breakthrough solution. It is called Drip7. By combining microlearning with gamification, the program applies game design to cybersecurity awareness training to increase retention. The most obvious parts of game design are points, awards, and leaderboards—but includes much more. Stratford notes that in a recent survey of nearly 900 employees, 83% of those who received gamified training felt more motivated as a result, while 61% of those who received non-gamified training felt bored and unproductive.(6)
“We call it Drip7,” says Stratford, “to emphasize a basic point: you don’t internalize something by hearing it once. You need to hear it seven times to remember and put the knowledge into practice.” Instead of lectures that remove employees from work, Drip7 training arrives in the form of a question a day that the employee answers. This increases engagement in learning and retention, and at its core keeps cybersecurity in the employee’s mind—not by force but through play.
Stratford, CEO and Founder of the cybersecurity training company Stronger International, developed the framework of Drip7 as part of a project to enhance the cybersecurity training within a large hospital system. As awareness of the solution’s capabilities spread it became apparent that the combination of microlearning, customizability, and gamification leading to high ongoing employee involvement answered a need not simply for one client or industry but for a worldwide digitized economy.
Drip7 is sold on a licensing basis, with over 80,000 users already licensed on the platform. For more information, please see drip7.com. “This isn’t a learning management system,” says Stratford, “It’s a way to make learning and training actually do what they need to do. Our goal is to take the fear out of cybersecurity and make it both fun and effective.”
Drip7 is the brainchild of cybersecurity expert Heather Stratford as a result of a client wanting to fix a specific problem: empowering the weakest link—the human—to use better cybersecurity. With its first few clients (a large educational institution, hospital system, and government agency), Drip7 is proving its usefulness in changing the old system of training and information retention in any workforce. Stratford explains it as, “Drip7 is a micro-learning platform that is re-inventing the way organizations train their employees and build lasting cultural change within them, especially in today’s age of remote workforces.” Visit drip7.com
1. “4 Damaging After-Effects of a Data Breach.” Cabinet, 19 Nov. 2020, cybintsolutions.com/4-damaging-after-effects-of-a-data-breach/#
2. Morgan, Steve. “Cybercrime To Cost The World $10.5 Trillion Annually By 2025.” Cybercrime Magazine, 21 Dec. 2020, cybersecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/
3. “Employee Errors Cause Most Data Breach Incidents in Cyber Attacks.” PR Newswire: News Distribution, Targeting and Monitoring, 29 June 2018, prnewswire.com/news-releases/employee-errors-cause-most-data-breach-incidents-in-cyber-attacks-300342879.html.
4. “New Survey Reveals Cybersecurity Training Is Missing the Mark as Employees Workaround Company Security Policies.” GlobeNewswire News Room, “GlobeNewswire”, 3 June 2020, globenewswire.com/news-release/2020/06/03/2042632/0/en/New-Survey-Reveals-Cybersecurity-Training-is-Missing-the-Mark-as-Employees-Work-around-Company-Security-Policies.html.
5. Grovo, et al. “Why Microlearning Drives Over 20% More Information Retention Than Long-Form Training.” Grovo Blog, 1 Jan. 1965, blog.grovo.com/microlearning-22-percent-more-retention/#:
6. “Gamification at Work: The 2019 Survey Results.” TalentLMS Blog, 15 Jan. 2020, talentlms.com/blog/gamification-survey-results/.
KARLA JO HELMS