Why Continuous, Long-Term Training is The Only Way to Build CyberSecurity Champions
In 2003, a Swiss tennis player named Roger Federer won his first grand slam title – the prestigious Wimbledon championship. Federer has since won 99 ATP titles, making him the second most accomplished tennis player in tennis history.
From the early days of his career to this very day, Federer has implemented a 10-hour daily training regimen. He calls it “a lifelong plan” and without it – experts claim – none of his shots would have looked like the ‘famous Federer shot’ that tennis enthusiasts around the world consider nothing less than astounding.
Stephen Curry fulfilled his childhood dream and was drafted to the NBA in 2009. In 2014, Curry won the NBA Most Valuable Player Award and led the Golden State Warriors to their first championship since 1975. He has since won multiple awards, broke dozens of scoring records, and led his team to three playoff wins. Curry said in multiple interviews: “There are no days-off in my practice routine. I’m always working on my game, always trying to get better”.
Both leading athletes implement a continuous, dynamic training approach. They acknowledge that staying at the top means constantly evolving their training routine per their changing goals and physical abilities.
5 Reasons Why to Implement a Long-Term Training Regimen
Training for excellence means chasing a moving target. With each accomplished milestone, a higher and more challenging goal is created.
CybeReady’s training approach is no different. We train 100% of the workforce year-round using a smart, adaptive methodology. Our autonomous platform reduces organizational cybersecurity risk yet requires nearly zero effort to operate. The longer you keep the program running, the better your employees respond when faced with phishing attacks, minimizing risk and keeping your organization ahead of the curve. Here’s why:
1. Aim for more
When aiming for success, ’good’ is simply ‘not good enough’. Just like in an athletics training regimen, CybeReady helps employees build ‘anti-phishing muscles’ and sharpen instincts to immediately identify malicious emails when those slip through their mailbox. The more frequent employees practice, the faster they improve. While the largest KPI improvements are naturally noticed within the first 6-12 months, a steady improvement will continue to manifest even after 36 months.
2. Use it or lose it
We live in the information age and forget things faster than we are willing to admit. The simplest way to remember important things is to get them to the “top of the list” regularly. CybeReady’s research shows that an average of 12 “reminders” a year is just the right amount to keep employees aware without overwhelming them.
3. Stay ahead of the curve
Hackers are never idle; Phishing attacks constantly evolve and become more sophisticated, aiming to target employees at their most vulnerable moments. ‘Staying in shape’ means studying your new opponents and knowing what you’re up against – an essential practice to avoid falling prey to new phishing schemes.
4. Be all-inclusive
Modern enterprises experience high employee mobility from outside and within the organization. Similar to adding new players to a sports team, if new hires lag behind their peers, the team is weaker. The longer an enterprise delays new employee training, the higher the risk for the organization.
5. Don’t change a winning formula
Thanks to its smart, adaptive training methodology, CybeReady is the only solution that guarantees results within the first 12 months. Once you’ve collected the first-year results – keep it up, gain long-term benefits, and avoid unnecessary switching costs.
Continuous Training Generates 5x Improvement in Employee Resilience Score
(CybeReady Financial customer, data from a 2-year training period)
Learning Why Perseverance Matters – A Use Case:
What does halting the training regimen entail for companies? After running CybeReady’s anti-phishing simulation training for two years, an Insurance company had to take a 6-month break due to budgetary constraints. When resuming CybeReady’s training, we noticed the following:
- 25% rise in their high-risk (“Serial Clickers”) group (vs. pre-break data).
- 300% increase in click rate on low-difficulty-level campaigns that employees had mastered just before taking that break.
It took the company eight months to recover and get back to the awareness level they had before pausing the training program. During that period the company was exposed to a higher risk. These findings align with our data: continuous training keeps employees vigilant for 4-6 months, but typically, after a longer period of time, employee awareness decreases regardless of how long they had trained to acquire them.
Just like with any athletic training routines, when cybersecurity training is paused or halted altogether, those same skills that took hard work to develop, gradually deteriorate.
Security teams who thrive for gold should understand the value of tenacity and commit to training their organization’s workforce continuously; Employees’ resilience to phishing attacks is the ultimate win for everyone.