‘Boring, long and technical’ cyber security training is pointless

Companies need to make cyber security training fun or run the risk of getting hacked, according to IT best practice consultants Axelos.

Dull cyber security training exercises are ineffective in changing behaviours says Nick Wilding, Axelos’ general manager of cyber resilience.

He adds that too much of the training he’s seen is “boring, too long and too technical”.

Mr Wilding says one of Axelos’ programmes makes cyber security training more enjoyable by including a phishing game that puts staff into the shoes of an attacker. The result is participants better understand the techniques of criminals, which helps them identify potential risks.

“You're given access to multiple emails and you can try and steal money and sensitive information,” he explains. “You're told throughout the game why a particular attack has failed or succeeded, meaning you get better at identifying the telltale signs of an attack.”

The language used to educate staff is often critical too, he insists, adding that staff need simple, practical guidance to make more vigilant and resilient decisions at home and at work.

“Businesses need to realise that if they aren't serious about their cyber security they will be attacked, and it will be very likely that the reason they are compromised is due to human error,” Mr Wilding concluded.