The rise of generative AI and other sophisticated cyber threats can leave unprepared organizations vulnerable. Preparing employees for potential cyberattacks via effective training is one way to secure private and company information.
Here, we talk with John Blackmon, Chief Technology Officer and Chief AI Officer of ELB Learning.
Security: Tell us about your title and background.
Blackmon: I serve as ELB Learning’s Chief Technology Officer and last year, I took on the additional role of Chief AI Officer. ELB Learning brings together innovative technology and professional services to create engaging learning that transforms employee performance, resulting in a more successful organization. I’m responsible for setting the strategy for our suite of learning and development products and leading all AI innovations. Before ELB Learning, I was Co-Founder and CEO of Trivantis (which was eventually acquired by ELB Learning). I created the products Lectora, a course authoring tool, and CenarioVR, a VR tool that creates immersive learning experiences.
Security: What makes employee training an essential defense against bad actors?
Blackmon: Every corporation is vulnerable to threats nowadays, especially with the rise of generative AI. I’m sure I’m not alone here when I say this, but cybersecurity training is typically one of the most boring types of training around. We’ve all been there — hearing the threats outlined in a PowerPoint and watching outdated videos. Employees need training that teaches them how to identify and react to cyber threats in their day-to-day work, not just to pass a quiz and check a box that they completed a requirement.
Taking an immersive approach to cybersecurity training puts employees right in the center of the action. In some instances, they can assume the role of a “hacker.” They’re able to learn the tactics, techniques and processes to break through network firewalls, steal or alter data, etc. When employees are tasked with something like creating their own phishing emails or installing ransomware, they’re able to understand the situation from both perspectives, making them hyper-aware of how to safely protect their information when these situations arise.
Security: How can VR training improve the learning of its users?
Blackmon: When you are actively involved in something, you’re using a certain part of your brain that creates conscious thoughts. When you’re passively watching something, the learning is much more ephemeral. Take Ebbinghaus’ Forgetting Curve for example. You forget 50% of all information learned in a day and 90% of all information learned in a week when it’s not put to use. It’s sad, but true. When you take an immersive approach to learning, you’re actually doing something, and it will stick in your brain longer.
VR training also allows learners to feel safe. They can make as many mistakes as needed without the fear of real-life repercussions. This leads them to feel not only more confident but forces them to think quickly on their feet, enhancing their problem-solving skills. Immersive experiences fully grab a learner’s attention, keeping them focused and on task — try checking your email with a VR headset on. It’s not easy to multi-task!
Security: What do security leaders need to know to protect their data and their customer’s data?
Blackmon: Training programs need to be as relevant to your company and employees as possible while keeping potential threats top of mind. When you tailor training to specific roles within the organization, employees can clearly see how it relates to them. Without relevancy, you lose their attention. On top of that, making training relevant to their personal lives will draw them in. Helping them avoid cyberattacks outside of work as well makes the training more holistic. For example, if their personal phone has their company email attached to it and it gets compromised, both personal and company information can be stolen.
With AI everywhere we look, it’s also important to educate employees on the associated risks that come with leveraging AI tools. ChatGPT has encountered multiple breaches, where sensitive information has been leaked. And it’s always changing. Think of cyber training as the opposite of one-and-done. Keeping your employees up to date on the potential risks with continuous training will keep them alert and information secure. Share tips or notify employees of a potential breach via Slack, email or Teams to keep employees in the loop on the current and evolving cybersecurity concerns.