(Cyber)security awareness & training

Security skills, especially those related to awareness, can be improved through training. Many low-impact intrusions, both physical and cyber, are difficult to notice and could continue for weeks or months. The longer an intruder can operate undetected, the greater the chance that a malicious intruder captures critical information or technologies. Training is therefore crucial for improving people’s ability to detect cyber incidents early, to stay aware of other security risks, and to detect threats.

Training can take many forms, but it generally involves either a classroom setting or a practical, simulated attack (or part of one). Simulated phishing attacks used to train staff in cybersecurity awareness have mixed results, and the training needs to be repeated often. In general, organisations find it difficult to train their staff, especially security staff, because of time constraints: it takes a large surplus of capacity to take several team members away for training while continuing day-to-day operations. Nevertheless, the benefits of security awareness training often outweigh the costs involved.

Related keywords: crisis simulations, simulators, serious games, competence training, simulated cyber-attack, cyber ranges