If you’ve ever completed a video game you might have been somewhat underwhelmed. You spend hours mastering the controls, upgrading your character and progressing through levels, only to reach an eventual impasse: the crushing finality of ‘game over’. Sure, you can replay on a harder difficulty, but the learning curve and sense of adventure – the elements that make for a great campaign – are missing. And at this point you might begin to wonder, was it really worth it? In some respect cyber security is similar. To be successful, the ‘players’ must defend, attack and boost their capabilities. But unlike video games, there is no 100% completion rate – and this can be a tantalising prospect for those obsessed with developing skills.
Like gamers, security experts are curious, creative individuals with a penchant for problem solving; their industry never stops moving, and many even consider it a lifestyle. This is good news for employers, considering how fast the threat landscape moves and the dedication it demands from those studying it. However, not all learning methods are created equal.
Bottom of the pile when it comes to cyber skills development is the classroom. Not only are these relics of the industrial revolution constrained by time and space, they are also too stale for the inquisitively inclined. Worse still, the material taught is typically prepared weeks (or even months) in advance, which means by the time it reaches the learner, said material is already old news – a security fossil.
What we do know is that cyber learning must occur often to be effective. Attackers move rapidly and will always boast first-mover advantage, so those opposing them must continually develop skills just to keep pace. For learners to maintain such a high level of development, the right environment is essential. That’s why we champion unrestricted access to resources and enable our users to upskill anywhere, any time. We believe cyber learning should be as accessible (and enjoyable) as a novel on a train or a podcast on a bus. And that’s why our platform is lightweight, engaging and – perhaps most importantly – fun.
It’s not only those opposing threats on the front line who must engage with continuous learning, though – your organisation’s biggest weakness is still its people, no matter what department they sit in.
Willis Towers Watson and ESI ThoughtLab found 87% of global organisations see untrained staff as the greatest cyber risk to their business, while Secureworks’ Incident Response Insights Report 2018 discovered 42% of attackers gain entry from successful phishing scams. These statistics reinforce the need for continued cyber skills development in the workplace. Savvy attackers will always target a company’s people first, using tried-and-tested methods such as spear phishing and social engineering to gain a foothold. To leave even a single employee untrained is negligent, and everyone in your organisation should possess basic cyber awareness.
You shouldn’t be fooled, however, into thinking one-shot training will facilitate learning; asking your employees to be secure after one training day is like asking them to fight fire with a pipette. It just doesn’t work. Your organisation is only as secure as its least savvy employee, which is why security training must take place regularly – at least at some level – across the board. And to be effective, this training must be both current and engaging. We understand this at Immersive Labs, which is why we’ve designed gamified content for everyone from beginners to SOC analysts to board members. Better still, this is accessible 24/7 directly through your browser.