
Could lack of security awareness cost $1 billion?

March 24, 2016 by Steve Sheck


The following is a guest post by 2016 Secure360 Twin Cities Gold Sponsor Optiv.

The conventional wisdom says that the difference between robbery and fraud is this: in a robbery you know money was stolen, but you don’t know who took the money; in fraud, you know who took the money, but you don’t know if it was a crime. In today’s world of digital banking, it is not obvious when money is being stolen or who has stolen the money when you realize it was stolen. A case in point is an $80 million bank heist in February from the Bangladesh Central Bank that could have approached being a $1 billion bank heist.

“Hackers misspelled ‘foundation’ in the NGO’s name as ‘fandation,’ prompting a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, which stopped the transaction, one of the officials said.” Furthermore, the high number of transactions raised suspicions at the Federal Reserve Bank of New York, from where the funds were being transferred.

In today’s complex and highly transactional world, awareness is essential to stopping money from leaking out of your enterprise. While a similar attempt to defraud your company may not grab headlines, failing to address this sort of risk will feel just as dramatic to you when you are asked to explain why your personnel did not catch the scam.

The path forward

Do not treat security awareness training as merely a compliance issue, or allow your staff to attend it with complacency.

To maintain the attention of your audience, and to increase their retention of your material:

  • Start planning by deciding what you want the audience to come away with; focus on those points and reinforce them throughout.
  • As you prepare material, consider what your audience will be thinking about; it needs to be your key take-away.
  • Attention spans are short – make your points early and re-engage their attention about every ten minutes.
  • Present problems to be resolved; a moderate challenge increases engagement.
  • Repetition reinforces learning; find ways to present your concepts after the formal training has ended.

Start with the end in mind

Does your current security awareness training enable your staff to recognize the types of attacks that represent your biggest risks? Be clear about your objective for training, and focus on that and that alone.

What is your point?

Cognitive science has shown that what ends up in a learner’s memory is not necessarily the material as presented—it is what the learner was thinking about while the material was being presented. Ensure that training is focused on the points you need them to take away.

Make your point early

The attention span of a human is about ten minutes. If you haven’t changed topics, started a new activity or in some way shifted gears, you will lose their attention. Energize presentations by accenting a point with an anecdote or some humor that is related to the point, to draw students’ thoughts back to the training.

To make it easier for students to maintain attention, plan your lecture in sections that will last about ten minutes. Make your point early in each section and reinforce it with explanation and examples through the body of the section. Close out the section with something that signals the change, such as the anecdote.

Challenge the student, but moderately

People love a challenge, but only if it is not too hard. Or, as it turns out, not too easy. You might call it a “Goldilocks problem.” If the problem is too hard, meaning that it is not solvable given the audience’s subject matter knowledge, they will give up on the problem and turn to daydreaming. Ironically, if the challenge is too simple, they will judge the material as boring and turn their attention away.

Increasing knowledge is really about answering the questions posed by a person’s current knowledge. No subject is completely explored; there are always questions left at that frontier where existing knowledge ends. To make material more attention-grabbing, the instructor’s job is to appeal to the student’s curiosity about those questions.

Organize your lesson plan around these types of challenges, ones that are at the frontier of your audience’s knowledge of the subject. Anticipate the questions they have in mind that will lead them into the new knowledge you would like them to possess. Make sure the questions that are posed are neither too challenging nor too boring.

Repeat after me, repetition aids retention

It turns out that attention span is not the only reason that four hours of lecture might be ineffective. Your workforce will retain more of the knowledge if it is repeated, but spread over time measured in days rather than hours. Research shows that “for learners to develop the full meaning of the information, the connection with that initial information must be strengthened through repetition” (McKeachie’s Teaching Tips: Strategies, Research, and Theory for College and University Teachers. 12th ed. Boston: Houghton Mifflin, 2005).

Tests of the study technique that we call “cramming” have shown that short-term, intense studying does improve test scores, but that retention of the material is short term. Less intense studying, spread over a longer period of time with repeated events, creates a greater likelihood of long-term recall of the material studied.

Conclusion

In today’s fast-paced world, attackers can take advantage of that pace to induce costly errors in your work environment. Ensure that your awareness training is focused on your risks and delivered in a way that encourages the right behaviors to prevent that dramatic, or even small, loss.

Filed Under: Guest Posts, Business Continuity Management

About Steve Sheck

Steve Sheck brings more than fifteen years of experience in securing and protecting data to his role at Optiv. As a solutions research analyst in the Office of the CISO, Sheck researches security issues and solutions, offering guidance on policy, process and technology to manage risk and best mitigate threats. Sheck is currently focused on security awareness training and application security.

You can find Steve on LinkedIn or on the Optiv company website.
