Digital Journal: How would you explain ‘Real Time’ in real words?
Stephen Burke: The coined term ‘Real Time’ can take on many forms. Indeed, we see it commonplace to take an employee who failed a phishing test, auto-enrol them in training and position this as offering a real time solution. But this is not real time. For Cyber Risk Aware, ‘Real Time’ training means so much more than this.
DJ: Do you have some examples?
Burke: ‘Real Time’ is responding to any risky behaviour an employee displays on the network, instantly! Also:
‘Real Time’ spots when an employee is downloading free software and explains there and then that this contravenes company policy and why it is risky.
‘Real Time’ explains to staff why they should not save data to cloud file sharing apps as and when it happens.
‘Real Time’ advises employees why they should not be accessing TOR networks before it’s too late.
‘Real Time’ offers staff automated on boarding essential training and education to help prevent future risky behaviour, saving people’s time by no longer having to do in-person sessions.
This is by no means an extensive list, but it demonstrates that real ‘Real Time’, delivers the right message to the right user in their exact moment of need. Scheduled training works by taking the problem and educating on it, but this can only go so far. ‘Real Time’ awareness training addresses the problem right then and there, which reduces the likelihood of recidivism.
DJ: What can businesses do differently?
Burke:For a business to have a fully integrated cyber security solution, it needs to facilitate behavioural changes in its cyber security education and training, in combination with technical tools to support this, such as any SIEM, DLP or Web Gateway. Cyber security is not an IT issue, but a business risk and it needs to be treated as such. Technological solutions alone can not protect a business from a cyber attack. Equally, the occasional staff training day or report can not be expected to prevent that ever present threat of a data breach.
DJ: Do you have any examples?
Burke:A recent study illustrated how 44 percent of employee mistakes were caused by lack of awareness of human cybersecurity principles; emphasising the need for regular, practical cyber awareness education & training on what constitutes a real threat to the business. This needs to be undertaken at all levels, across all departments, in companies of all sizes. Only then can behavioural shifts start to take shape. And only by building a strong cyber security awareness culture that runs through the veins of any business, can they protect themselves from cyber threats. Using real ‘Real Time’ training and education, a business can look to protect themselves from the inside out, creating that Human Firewall as a first line of defence.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.