Employee training: from the weakest link in a chain to your secret we apon

By Milica D. Djekic

The modern cyber defense world would face up many challenges. For instance, it’s not an easy thing to cope with the phishing attacks or teach your staff to gain basic IT skills. The technology is developing at a quite fast pace and sometimes we would wonder if we could follow those changes. As many researchers would say the only certain stuff in the future is the change. Being positive or negative – the experience would teach us that things would not remain the same. We would welcome the positive changes and get somehow scared from the negative ones. Right here, we would mention the negative social phenomena being so interesting to defense cycles and so threatening to our progress. You would easily get that we have in mind the threats such as organized crime, human trafficking, and terrorism. The fact is those challenges would slow down our progress and minimize the chance for sustainable development and prosperity in the majority parts of the world. Even the most developed economies are not immune to those security concerns. We all would remember the September 11 terrorist attacks happening in the United States in 2001. Those incidents have shaken the leading global economy and brought the fear of getting victimized to the rest of the world. Many years after those catastrophic events, we would hear the voice of the experts claiming people got resilient to many threats existing today. The newest tendencies would suggest that we could try to transform our people from being the weakest link in a chain into our secret weapon. The fact is things would not come all at once. It would take a lot of time and effort before we came to that phase when we can discuss such an opportunity. The role of this article is to try to provide some findings of the modern employee training that could offer us more strength in combating the global defense challenges.

At this stage, we would concentrate on some examples from a practice suggesting to us how we could deal with the cybersecurity challenges as phishing campaign is. As it’s known, the phishing is a concern coping with the snow slip effect. In many cases, it’s sufficient to send an ordinary email to some organization and apparently activate the never-ending social and economic consequences. It’s literarily as an avalanche that would make a big problem out of small concern. The practice would indicate that some companies would invest huge amounts of money and effort in order to make their employees getting resilient to the phishing attacks. We would find some sources claiming that the results would be somehow unsatisfactory. So, what is the problem with those phishing operations? First, we believe that the people would not get instructed well enough how serious the impacts of clicking on such an innocent email’s link could be. If the folks got aware of their responsibility in dealing with those small concerns – they would definitely take the different attitude. In other words, if you try to explain to your employees that they are your first line of defense and it’s up to them if the organization or critical infrastructure would get prevented from many serious consequences such are the business collapse or terrorist diversion, they would undoubtedly see themselves as some kind of heroes saving the nation’s strategic asset or some financial institution. Everyone would like to be a hero and if you use such a fact within your training and try to motivate your staffs to think like so, they would definitely turn into your secret weapon.

In other words, in case of the phishing attacks – it’s so important to make the right approach to your knowledge transfer. The point is to try to motivate people to think in a positive way and get proud of themselves any time they report any suspicious email. In addition, we would notice that it’s quite significant to invoke the researchers to your training program because they could support you with a plenty of useful information and in such a case – your task would be to encourage people to think positively about their role in that organization and to realize how they are important in terms of asset’s secret weapon. On the other hand, the current marketplace would offer many software solutions to any kind of cyber defense challenge. Even in such a case, it’s so significant to get your researcher’s community involved because those guys could make many innovations to the developer’s projects. On the other hand, if your staffs are using some software in order to prevent the certain cyber situation, they should get a feeling through the training that they are doing a great job and they should get proud on themselves. In other words, today’s education and training sessions are good, but we would need that little piece of motivation suggesting to people they are the secret weapon to their surroundings. We would also want to advise the trainers delivering the courses to do that in a simple manner, because in case of the phishing – many people dealing with such terminology for the first time may believe their employer is inviting them to some catching the fish occurrence. So, just try to put your training on a basic level attempting to explain the things so simply. You would see that your audience would be so thankful for such an approach and above all, they would get that gut that they are somehow important to their environment. The fact is that the employees should not get overconfident about their skills for a reason it’s quite a trickery to manage such staffs. They should be with the realistic confidence being aware of their purpose in their organization and the significance of their responsible behavior within cyberspace.

Finally, we would recommend training developers to prepare their outcomes for the charismatic trainers that would deal with such an energy that would definitely reflect itself so positively to the audience. The preparation of training is not an easy task – it takes a lot of research skills and if you want to make something useful – make it simple. At the end, the transformation of people from the weakest link in a chain to your secret weapon is a quite challenging process, but it’s definitely worth that.

About the Author
Since Milica Djekic graduated at the Department of Control Engineering at University of Belgrade, Serbia, she’s been an engineer with a passion for cryptography, cybersecurity, and wireless systems.
Milica is a researcher from Subotica, Serbia. She also serves as a Reviewer at the Journal of Computer Sciences and Applications and. She writes for American and Asia-Pacific security magazines.
She is a volunteer with the American corner of Subotica as well as a lecturer with the local engineering society.