Malicious threats have been a part of the Internet culture for what seems like forever. However, with employees now working from home, cyberattacks have significantly increased.
It’s common for hackers to target organizations – especially those that choose to ignore the importance of cybersecurity. And though there are many quality cybersecurity measures that can be implemented, such as antivirus software or a VPN, one of the most crucial services that an organization can invest in - cybersecurity awareness training - often gets overlooked.
We invited Mike Polatsek, the Co-Founder and Chief Security Officer of CybeReady, a company that provides a unique Cyber Security Awareness Training platform, to have a discussion. On top of explaining how security awareness training works, Polatsek shared his views on the current cybersecurity state.
What was the vision behind CybeReady? Can you tell us more about your story?
CybeReady’s vision is “Readiness for all in a single click”. “Readiness” is our vector – this is the learning objective towards adopting security behaviors. When stating “for all”, we mean corporate companies, SMBs (small to medium-sized businesses), consumers, families, and many more. At this point, we are focusing our business efforts on the B2B model. In the future, we will expand and try to reach other audiences. Also, what we mean by “in a single click” is that CybeReady supports all training operations – from program deployment to content – with advanced automation and machine learning technology.
Can you introduce us to what you do? How do you manage to keep the training both educational and engaging?
CybeReady provides a platform with ready-made programs and content that are delivered automatically and adaptively to corporate employees. The programs follow three basic learning principles which are embedded in our platform:
- Learning by repetition
- Shaping cognitive schemes under different conditions
- Moving from extrinsic to intrinsic motivation
You state that the future of human learning lies in machine learning. Would you like to tell us more about this approach?
Machine learning allows us to monitor all the touchpoints from our learning triggers. By creating multiple data points continuously, we can tell what works and what doesn’t, and make a decision that optimizes the next learning cycle accordingly. Imagine a teacher in a classroom who realizes that some of the students don’t understand her. She needs to decide what her next move will be – a question, an example, or a new explanation. Most of the activities will approach the average one-size-fits-all. With machine learning, we can adapt the learning path in much more effective ways. Moreover, we can also monitor the sentiment and suggest more relevant content to any group of employees.
Since the pandemic uncovered cybersecurity challenges worldwide, what would you consider to be the main takeaways?
The main takeaway for me would be switching to remote work and putting more responsibility on the individual’s security behavior. Today more than ever, employees are making their own decisions. Since the CISO isn’t there to watch them closely and no colleagues are sitting in proximity to ask advice, this is a reality check for the corporate security culture.
The training needs that arose during COVID-19 revealed that employees need to have much more practice and be exposed to content that follows two main characteristics:
- Non-threatening. We don’t want to add more pressure to the personal situation at home. Therefore, the language should be positive and direct.
- Micro-content. The content employees consume should be practical and prioritize the “doing” over other content elements. They should also be short and to the point. These two characteristics will transform the content to be engaging and generate a more meaningful learning experience.
In your opinion, what types of attacks are we going to see more of in the near future?
There is nothing new under the sun – these are the same old tricks with COVID-19, plus the ‘remote work’ context. We did expect and found cyber attacks that relate to the vaccine, health insurance, deliveries, online shopping – all the derivatives of the employees’ new surroundings which include remote work and spending more time at home than in the corporate environment.
Why do you think certain companies often overlook employee cybersecurity training?
For me, it has been the greatest mystery for more than 15 years. In education, it is said that “if you think education is expensive – try ignorance”. The known fact is that 80-95% of breaches are due to human errors, so when a company thinks that awareness training isn’t a priority, it’s simply beyond me. Part of the reason why companies may overlook it might be because awareness is a very fuzzy term and past solutions haven’t made an impact on employees. That is why in CybeReady we define “Readiness” as the final goal, which, as opposed to awareness, can be measured and improved.
What can companies do to minimize the risk of falling victim to ransomware? Does it come down to updating security measures or providing training for employees?
As in all security models, a solution should be a combination of people, processes, and technology. As a leading training company, we understand that an effective training program is only one part of a security chain, and we share these beliefs and assumptions with our customers.
And finally, what’s next for CybeReady?
CybeReady has an exciting road map to fulfill our vision. We aspire to keep listening to the market needs while creating new capabilities within our current platform, as well as innovating and adding value to security teams. We continue to transform the security awareness training space with a holistic approach that will make an impact on the organizational security culture and employees’ security behaviors across the globe.