Cyber security training provider Cyber Risk Aware has launched a new training module. The module, Real Time Intervention Awareness, looks for risky behaviour by users. When it detects something it targets the user with specific training messages.
Stephen Burke, CEO of Cyber Risk Aware, comments: “This is a truly transformative approach to cyber security awareness training and has the power to significantly improve the way organisations manage the risks associated with human error. The timing of training can be as important as the message that’s delivered, and our experience shows that users are far more responsive to guidance right at the point of need. This module delivers the ultimate in tailored training: delivering the right message at the right time to the right user.
“Organisations can configure this in the way that best meets their security objectives and reduce the likelihood that they will be impacted by phishing, smishing, ransomware and a whole host of threats that could result in a security incident or data breach.”
What sort of training does the module deliver?
The alerts can be customised to the user and their behaviour. This will interest IT security teams who are struggling to contain consumer-grade cloud services. A user connecting to an unauthorised cloud service could receive a warning. They could also be provided with the details of an approved alternative to that service.
Training can be a combination of a reminder of corporate security policies, tips and warnings. Cyber Risk Aware gives several examples of how this training could kick in:
- Plugging in a USB storage device
- Accessing sensitive data and then connecting to Dropbox
- Downloading free software from Internet sites
The module can be integrated with audit and other security software. One advantage of this is to allow IT security teams to see who is taking notice of tips and alerts and who is not.
Integration with Data Loss Prevention (DLP) tools is a big bonus. It means that when users store data in a location where it is at risk, they can be warned and that warning recorded. This will help companies as they begin to address user behaviour which could cause a breach of GDPR and other compliance legislation.
What does this mean?
IT departments have tried to get control of where data is stored and, in the main, have lost the battle. Enterprise backups rarely cover users' own devices and do not come close to protecting data in non-approved cloud services. Simply sending users emails reminding them of corporate policies is not enough. Combining monitoring with alerts, training and logging allows IT to address each user as and when they do something risky.
This is not just about data protection. Phishing education is on the rise in enterprises through gamification. However, one of the lessons that IT has learned is that once you stop the games, behaviour quickly regresses. Combine this new module with other security education and it is possible to see how long it takes before awareness begins to drop off. This can help drive the intervals between refresher training.