When employees have conflicting priorities they may take actions that they think will make them most productive. This can introduce risks into business processes. Management has to take some responsibility beyond saying “be more careful.”
Achieving compliance should not be the goal of a board of directors or C-suite. Aiming for a more mature risk-based approach that uses gamified learning will provide better assurance, and better value that traditional compliance-based security awareness training.
If your organization’s security awareness training is causing training fatigue, can it really be helping employees to resist cyber attacks?
Over the past year, many of you have heard me mentioning that I believe "Game-Based Learning" techniques can vastly improve the effectiveness of cyber security training. Well, I've been very busy this summer building a team to bring this concept to life as a new cloud-based solution for businesses.