By: Michal Gil, Head of Product, CybeReady
No-one is an island. All IT security professionals and their organizations can be impacted by external influences. This can present an overwhelming challenge to what can be achieved, moving many to harness the power of their community to help them overcome such issues. As Helen Keller famously said, “Alone we can do so little; together we can do so much.”
“With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective,” noted experts from the RSA Conference this year.
Machine Learning: Allowing Data to be Greater than the Sum of its Parts
This message holds an incredibly powerful lesson for the world of Security Awareness Training.
When organizations perform phishing simulations and security awareness training in a silo, they can only ever learn from their own employee performance data. By acting on their own data alone, they experience a number of problems, including:
- Extending time to value: Each customer is a blank slate, and the platform will need to learn over time via trial and error which testing is effective, and which doesn’t fit the bill.
- Limiting available intelligence: Very few companies have even tens of thousands of employees to glean data from, let alone millions. Most will be reliant on learning from a small data pool.
- Opening the business to risk: While Security Awareness Training catches up, employees are not learning. This means they are far more likely to fall victim to phishing scams and leak sensitive information.
Many organizations today are embracing the concept of “stronger together,” and use this to take their security awareness training to the next level. When backed by a data-driven training solution that compliantly gathers and uses crowdsourced information, businesses and their employees benefit from the collective intelligence of the technology to reduce risk. The use of Machine Learning to optimize employee training content and even the frequency of testing, the business will experience more exact and effective training, based on data from other organizations of similar sizes, industries, and geographies.
Hitting the Ground Running with Effective Security Awareness Training
To understand the revolutionary benefits, consider the way that an application like Waze works to provide the user with an optimal experience. If every user simply had their own route and driving data, the app would be far less useful.
Instead, by gathering all relevant user data into a single data stream, a driver can be alerted to congestion on their route, provided with smarter route planning, and even given additional information on external factors such as speed cameras, potential parking locations, and charging infrastructure. Customers are benefiting from the millions of data points that have been fed into the platform over the years, and they can reap those benefits from day one.
A premier security awareness solution offers similar benefits. A customer who is joining with such an organization never has to start from scratch because the data accumulated in the platform suggests ideal campaigns to start with, based on organizations with a similar demographic. As a result, an organization is able to focus on its core business while reducing risk throughout its environment.
Advanced cybersecurity awareness training platforms are now using two distinct feedback loops – the data from employees’ performance, and also CISO preferences. These platforms can identify what is working best from how employee performance metrics are evolving over time, and we also have insight into the behavior of security decision makers. If for example a number of CISOs that work for financial institutions all select or deselect specific simulations or training content, new banking customers will be able to see that reflected in their own campaign recommendations.
These suggested campaigns simply act as a starting point. After 3 or 4 cycles of training, the algorithm will be able to use real-world employee data and optimize training based on organizational performance.
Best thing? The more customers using an ML-powered solution, the more data is fed into the solution, and the better the training can become, both internally, and for the whole userbase. Thanks to collaboration and community – the customer ultimately benefits from the reduction of potential threats that may impact the business.
About the Author
Michal Gil is an accomplished product leader with a passion for developing innovative solutions that meet the needs of modern users. Currently serving as the Head of Product at CybeReady, Michal leverages her extensive experience in product development to drive the company’s vision forward. Michal is driven by a deep commitment to delivering exceptional user experiences and loves the challenge of taking complex problems and turning them into elegant, simple solutions. She is a firm believer in the power of teamwork and collaboration, and strives to create an environment that is inclusive, supportive, and empowering for everyone.