Training the Human Firewall: You're joking right?

Have you ever watched someone do their cybersecurity awareness training? I have. The window is minimized to the farthest corner of the screen, the headphones are on, and normal job tasks are being performed during “training.” The quiz at the end of the training is retaken over and over till a passing score is reached. The sales technique of “Training the human firewall” is a phrase that makes you think that the automated service you’re buying is suddenly going to engage every end user on every level. It’s not. As someone who has worked on incident response teams, I’ve seen firsthand how automated cybersecurity awareness training platforms are failing organizations left and right. Bill in Marketing clicked on a link and entered his credentials. Sally from Accounting opened a malicious audio file that installed a malicious agent that utilizes Live Off the Land Binaries (LOL Bins). Ad Infinitum! Re-engaging users on their level and in person is how we make a difference. A user cannot ask a video questions, and they are asking questions. However, by the time they can ask, they’re on the phone with a SOC Analyst having their computer triaged for an incident.