“Getting your employees to care about security is hard. Not only does security feel irrelevant to them, but they’d much rather be doing their job than going through security awareness training exercises. Video lectures, lengthy quizzes, and brown bag lunch trainings are what paint an image of security in your employees’ minds — and it couldn’t be less enticing.
Truth is, we’ve been doing security awareness training wrong all along. Watching videos, reading course materials, and taking quizzes are all passive training techniques, and studies show that passive learning only has a 20 percent retention rate. As security practitioners, we know that traditional training doesn’t work, but until recently, it’s been the only option we’ve had.”
