How to Train Your Workforce to the Same Technical Level
Adopting cyber security infrastructure is a key component of protecting your business from a breach, but the rest of the workforce continues to pose a risk and requires training. Here's how to train your entire workforce to the same technical level.
It’s no secret that cyber security investment is pivotal to the safety and security of your business. Over the past decade there has been a consistent rise in companies building cyber security infrastructure, including bringing in teams of skilled cyber professionals to protect the business. However, with human error underpinning a huge proportion of breaches, the question is: is this enough? There is significant benefit to widening cyber security awareness, skills, and culture across the entirety of your workforce, and we’re here to help make this necessity actionable.
Past the security team - why train your workforce to the same technical level?
Statistically speaking, human error contributes to 95% of successful security breaches. On top of this, cyber attack frequency has been rising. Last year there were 50% more weekly cyber attack attempts than average, with continued risk through 2022.
Common attack types such as malware and phishing attacks target people directly, showcasing the pressing need for cyber skills across all employees. It doesn’t make sense for the cyber team to undo the problems other members of the organisation may contribute to - businesses should home in on the internal risks before branching out.
Securing a budget and the time for team training can be tricky to navigate, and is often the exact reason businesses put off crucial training. To justify this need, it’s worth exploring the cost and repercussions a breach can have on your business:
- GDPR - With GDPR protecting personal data, a breach of consumer information can set your business back both reputationally and financially. In the UK, maximum fines of 17.5 million GBP or 4% of the annual turnover are in place, with variations across the globe.
- Customer trust - According to a study, 41% of UK consumers stated they would lose trust and loyalty to a company that has faced a security breach. (Additionally, a staggering 88% of US respondents said they would stop using a company for several months after a breach.)
- Data recovery - With many cyber attacks launched for financial gain, the cost of retrieving data can be detrimental to the company.
- Disaster recovery - In the period following a breach, the time and cost of getting your business back up and running can also be significant.
Find out more in our post, why businesses are investing in cyber security.
How to train your workforce to the same technical level
The first step to achieving a shared priority shift across employees is to attain team buy-in - the team has to believe in the importance of the movement. We often speak about building a team-wide cyber culture, where employees feel empowered to learn and work within security practices, and feel confident detecting and reporting potential threats.
In our guide to building a cyber culture across your organisation, we explore creating an internal communications framework for reporting suspicious activity, vital training, security tools, and remote adaptations to adjust best practices to suit your mode of work.
It’s important to remember that some internal departments are naturally less technical than cyber security employees, so an easy-to-follow, enjoyable mode of training that employees can complete in their own time is key. This is where we come in.
TryHackMe cyber security training is suitable for the complete beginner with no prior knowledge, through to the seasoned hacker, with labs ranging in difficulty and covering essential topics through to complex threats and mitigation methods.
TryHackMe can train your workforce to the same technical level.
For the initial employee buy-in and culture building, we recommend that all staff undertake cyber security awareness training, to understand the key risks associated with cyber attacks and how they can be affected.
From here, TryHackMe for business allows you to access over 500 virtual training labs and create custom pathways to present the most relevant training to your team. Depending on your key concerns as a company, you can pick and choose between offensive and defensive labs and alter any terminology to reflect the organisation.
An example training outline could be:
- Cyber awareness training - Understand what it takes to be security conscious by walking through the most common industry attacks and mitigation methods.
- Pre security - This learning path explores the pre-requisite technical knowledge to get started in cyber security. To attack or defend any technology, you have to first learn how this technology works.
- Continued training can cover a deeper range of relevant cyber security topics, including Metasploit, web hacking, network security, Nmap, pentesting, privilege escalation, threat management, vulnerabilities, exploitation, and more!
The TryHackMe management dashboard enables management to quickly see employee progress, and whether individuals need help with any particular topic. All of our training walks the user through learning in an engaging, hands-on format - so users can directly relate learning to jobs with real-world experience.
Depending on the department in question, you can adapt the training rooms and paths to reflect relevant risks. Many companies use us to train their wider IT teams, lawyers, and staff regularly using internal platforms - pushing past the breadth of purely cyber security related roles. We can help you filter down the ideal training for your teams, just get in touch.
Security champions are employees with a passion for cyber security, helping to amplify the message across teams.
Developing a security champion programme can be a significant element of your cyber security training plan, as it helps keep the momentum of training going and instil the message across teams, regardless of the interest levels in cyber security.
Naturally, cyber topics will resonate with some team members more than others. Security champions can clearly and concisely explain the technical language to team members to keep everyone on the same page, helping to achieve a technical level of cyber security across the entire workforce. Once you open up training to your teams, introducing this programme will complement training drives.
Strengthen your cyber security standing today by training your workforce to the same technical level.