A fifth of companies lack cyber security training, with 20% of businesses saying employees have never received training. Considering the fact cyber attacks occur approximately every 39 seconds, businesses are becoming increasingly aware of the need for training but are often unsure of where to start. With barriers such as a lack of employee engagement and a plethora of outdated tools available, it is clear to see why businesses have been previously apprehensive about starting.
The team at TryHackMe have worked to change this mindset. TryHackMe offers offensive and defensive gamified training content across over 500 online labs, with learning tailored to all skill levels. We have launched a new series of interactive training designed to give a baseline understanding of cyber security and common attacks, serving as a brilliant, accessible, introductory training tool for companies and individuals alike.
Why undergo awareness training?
It’s no secret that awareness training is an essential tool to defend against the increasing rates and complexity of cyber attacks, right from the frontline. Many common attacks target employees and other company stakeholders, which accounts for human error contributing to 95% of security breaches.
Ensuring everyone in the company has a fundamental understanding of cyber security helps to amp up defence - a huge proportion of breaches can be prevented with the correct training measures. On top of this, cyber security best practices allow your company to align with GDPR compliance, avoid costly fines, build consumer trust, protect data, and streamline disaster recovery.
What topics are covered?
For the initial steps in understanding the cyber security market as a whole, the team here at TryHackMe have collated the following resources, which are completely free training labs for businesses and individuals.
- Security Awareness Introduction
- Common Attacks
Security Awareness Introduction
This lab serves as the first step to understanding cyber security and why it is essential to adopt a cyber-aware mindset in working and home life. It touches upon data and account security, potential targets, the impact of cyber attacks, and cyber threats and actors.
Below is an illustration of large companies' top ten data breaches, the number of people affected, and data breach type - including personal details, passwords, phone numbers, bank details, and more. This type of tangible information highlights the need for training and helps to pique interest through exploring well-known brands and breach effects.
This training lab aims to educate readers on the most frequently occurring attacks faced across the cyber landscape, alongside tools and advice users can leverage to stay safe and mitigate risk.
Attacks covered include:
- Social engineering
- Malware and ransomware
- Password and authentication breach
Internal teams often contribute to breaches spanning these attack types, which correlates to the very reason businesses are looking to launch cyber security training. Making teams aware of the risks they are exposed to is key to reducing the risk at hand. The lab also explores safety practices such as public network safety, backups, updates, and patches in an interactive format, to strengthen defences and teach transferable skills.
How to adopt this at work
We delve deeply into the how and why in our post: How to build a cyber culture in your workforce.
As an overview, an essential first step is to build a culture of knowledge sharing around cyber security. With human error being a recurrent factor in breaches, employees can feel worried about the repercussion of actions that could have led to a breach - which can hinder reporting threats or concerns. Understanding the current team mindset is vital in order to address concerns and convey the importance of training and knowledge sharing.
With this, an internal communications framework enables employees to report suspicious activity with ease, allowing the appropriate course of action to be swiftly taken. Choosing the best training and security tools for the needs of your business helps to action learning, allowing employees to work efficiently and confidently.
Employee engagement is another key consideration to adopting training in the workplace. Many companies utilise incentive structures to boost employee buy-in, for example, using an internal point-based system to complete training labs. In addition to this, TryHackMe features gamified training with interactive labs and our competitive hacking game King of the Hill, where players aim to compromise a machine and patch vulnerabilities to maintain access.
Check out more of our training resources:
- Why businesses are investing in cyber security teams
- The cost of human error in cyber security
- Why cyber security needs to be a priority to your business
Introducing cyber awareness training can open the door to creating security champions within the company. Security champions are team members who don’t necessarily sit in cyber security job positions but possess a passion and deeper understanding of cyber security - which helps to set security standards for other team members and improve the overall level of security in the business.
Whilst TryHackMe has a plethora of labs and training for beginners just starting out in cyber security, we also have labs suited to experts in the field. Our training pathways explore high-level offensive and defensive content and allow cyber security teams to stay on top of new threats and advances in the industry. This keeps the company safe and structures training in an easily-trackable, efficient, and engaging way.