Change Behavior, Change Company Cyber Security Culture

For an organization to have a strong cyber readiness strategy, employees within must be willing to recognize potentially harmful cyber behaviors and proactively work to change them. But how can you effectively influence employee behavior when it comes to cyber safety? The answer may surprise you…

It comes down to understanding employee’s psychological faculties first. What influences and motivates employees to actually change how they conduct themselves online, using workplace online systems and platforms? What must an employee think, do, and care about in terms of cyber security to alter behavior? What external factors and trainings can be adopted or modified to facilitate behavioral change?

The answer lies in games! Games are fun and engaging because it appeals to certain psychological drivers within us as human beings. These drivers motivate us toward certain activities. By utilizing gamified, immersive, hands-on cyber training, employees are able to improve their cyber awareness and ultimately change day-to-day actions.

Games can help change behavior because they address several psychological factors that inform and influence learning :

  • Games Provide an Immediate Benefit to Individual Learner – Games typically offer a sense of competition by way of leaderboards, scoring, and team-based play alongside incentives that help players understand “what’s in it for me?” when learning new information.
  • Games Offer a Sense of Accomplishment – Everyone wants to feel like they are making progress and working toward something, eventually culminating in some kind of reward (money, material items, praise, etc). Things like digital badges, “trophies,” level progression, and certificates can drive players to complete challenges and take on additional learning
  • Games Promote Feelings of Ownership – Self-paced games that a player can engage with on his/her own time makes them feel like they “own” Ownership innately motivates people to make their objective at hand, better. Self-paced cyber activities where the user is at the helm of their learning experience increases ownership and empowerment. They don’t have their manager lurking over their shoulder waiting for the next activity to be complete. They can do training on their schedule and at their convenience, when they are ‘ready’ to do it and in the right mindset.
  • Accountability – Utilizing games that involve teamwork instill feelings of acceptance, a ‘we’re in this together’ attitude, and a healthy drive of competition. These activities draw people closer together and make concepts relatable and understandable when they learn together. Training feels less ‘lonely’ and isolated.

Our platform, inCyt, is the perfect tool to help you weave cyber security awareness training into the fabric of your organization. By offering easy to digest information portrayed through interactive games, non-technical employees can gain a deeper understanding of how to stay safe online.

inCyt is an evolving training solution where those with limited cyber knowledge learn basic concepts through cyber themed battles. Currently, inCyt teaches password and email security along with general online safety, with future topics ranging from social media to remote work safety practices and more!

Change behavior to change company culture with inCyt. Not only will your employees feel more empowered to make safe choices online, but your organization will be better protected from looming threats.

To learn more about cyber psychology in the context of building a stronger cyber team and employee base, be sure to check out our on-demand webinar, Time to Reboot: The I/O Psychology of Cyber Security. To learn more about inCyt, schedule a demo today!

Dare to Have Fun! Alleviate the Pain Points of Cyber Security Awareness Training

You know it and we know it: Security awareness training doesn’t have the best reputation Many employees who are required to undergo security awareness training do so under the direction of human resources or a risk and compliance department within their company. Trainings have long been conducted via static PowerPoint presentations, lecture-based talks, online “tutorials”, and through other passive methods that don’t result in the employee retaining much of anything. It merely becomes a box employees check off on their requirements sheet and they move on.

This is not the way cyber security awareness training should be implemented. We know that current trainings like this are ineffective in helping employees learn cyber best practices or, more importantly, change their online behavior for the better. The “learning pyramid”, sometimes referred to as the “cone of learning”, developed by the National Training Laboratory, suggests that most learners only remember about 10% of what they read from textbooks. Whereas, retention is improved when gamification is incorporated into training and learning activities. In fact, according to Talent LMS, 89% of employees believe they’d be more productive if their work was more gamified.

Photo by Zachary Nelson on Unsplash

 

Don’t believe us? Take a peek at the recent news headlines and industry reports that show human error is still a primary contributor and cause significant company breaches. Employees aren’t empowered with the knowledge to know what to look for in suspicious emails or phone calls, resulting in higher cyber risk for organizations.

And that’s only a few of many incidents that indicate the need to foster more effective security awareness training to truly change digital behavior.

Pain Points of Traditional Security Awareness Training

  1. Actually changing —Getting an employee to go through security awareness training is one thing but actually changing their behavior is another challenge all its own. Training can’t be a ‘one and done’ effort. It must be engaging enough for people to retain learned information so they can recall it when faced with a cyber threat. To do this, security awareness training must have a ‘what’s in it for me?’ component otherwise, there’s no incentive for an employee to do the training at all. Teaching elements like scoring, competition, badges, levels, and ‘digital rewards’ help engage employees so they take training off the ‘must do list’ and onto the ‘want to do list.’
  2. Convincing employees it directly impacts them—If you’ve never been in a car accident, you may be inclined to drive a little faster on the highway, not thinking twice about the repercussions because “an accident will never happen to you.” Wrong. Just because your company may not have been breached (yet) doesn’t mean you’re immune to security awareness training. Unfortunately, the daily onslaught of company breaches making news headlines indicate that the ‘we don’t need security awareness training’ thinking is not only outdated but will leave your organization more vulnerable to an attack. Everyone needs security awareness training if they do any kind of work on an electronic device (whether computer, phone, internet-connected system, etc.)
  3. Perceived protection from technology—It’s quite common to presume that today’s technology has ‘built-in’ security to protect against hackers, and while some devices do offer limited protection, it’s not enough. With as fast as technology is advancing, there’s always a gap in security waiting to be exploited. Spam filters, antivirus software, and firewalls are great, but hackers know the easiest way to get sensitive data and cause disruption is by going through people first. A multi-layered security strategy that places people at the forefront of defense is critical to hardening posture from all angles.

Empower Employees with Fun Security Awareness Learning

Just because the industry has typically conducted security awareness training in a passive manner in the past, doesn’t mean it works—and it certainly doesn’t mean that we have to keep doing it. So let’s flip the script on security awareness training shall we?

We recently debuted inCyt, a security awareness learning tool, at RSA this year. It is an evolving solution designed for non-technical employees to learn cyber foundations and improve online workplace practices. In it, we dare to have fun with security awareness training by simplifying and gamifying the complexity of cyber. We expand the understanding of the threat landscape to non-technical employees who work on business systems by introducing basic concepts through the mind of a hacker. THEN the player is encouraged to demonstrate their learned knowledge in a “final” lesson where the player defends their digital assets from a bot hacker. Games are designed around the cyber attack sequence that outlines the structure of an online threat.

inCyt on a laptop computer

Players with limited cyber knowledge learn basic concepts through cyber themed battles against a bot attacker and the learning becomes ‘sticky’ as information is retained because it’s engaging. Colorful characters, friendly competition, and relevant cyber examples improve security awareness aptitude.

inCyt currently teaches the following security foundations with more on the way!

Phishing & Email Security

  • Understand what phishing is.
  • Understand the impacts of phishing.
  • Identify common indicators of phishing attempts.
  • Identify appropriate countermeasures related to phishing.

Online Safety

  • Understand the risks associated with public internet.
  • Identify proper safety precautions when online shopping.
  • Understand the impact of what and when you post online.

Password Security

  • Understand the importance of strong passwords.
  • Identify best practices when creating passwords.
  • Understand multi-factor authentication.

Future game topics and themes will include: Social Media, Least Privilege, Remote Work / Bring Your Own Device (BYOD), Computer & Software Updates, Response to Potential Attack, Data Value, Preservation & Recovery.

So what do you think? Is it time to change up your security awareness training approach? Perhaps try something new to augment the most vulnerable attack element in your organization: your people.

Schedule a demo of inCyt today to learn more.

 

Photo by Zachary Nelson on Unsplash
Photo by Jason Leung on Unsplash

Gamification for the Greater Good: Why We Need More Diverse Learning Approaches for the Workforce

“Gamification” is a term that has been popularized by the modern cultural and consumer demand of video games. It is the application of design elements (e.g. leaderboards, scoring, points) to an activity or set of activities, made popular by video games. Today, it has made its way into software programs as a way to increase engagement and productivity. Yet when we think about gamification today, we don’t generally think of its application in educational settings, let alone in the business world. After all, when was the last time Ubisoft had a press conference about how gamified Assassin’s Creed is? So what are we talking about? We’re talking about the challenge of engaging adults in professional training and development while being sensitive to their learning preferences. The reality is, it’s hard to get adult learners excited to go back to the classroom to learn something for their job. But there exists a potential for gamification to lower the barriers to learning for adults. Today’s professionals are a prime target for using gamification in a more meaningful way—to break through the “sheer fun and games” if you will, and leverage gamified elements for a greater, more significant purpose. Gamification is really all about education, and it’s alleviating the age-old struggle of how to teach effectively and remain relevant.

Before breaking down the benefits of gamification in learning, let’s review more common learning approaches. Less thrilling “cousins” of gamification often used in teaching and tasked-based activities include displays like tutorials, lectures, slide shows, watch-only videos, and text-based material. These are used in educational settings and are part of what researchers define as “passive learning,” techniques—a method of teaching where students receive information from a source to internalize and regurgitate. Studies show this approach is highly ineffective at helping learners retain information (and even worse when it comes to applying learned information to an actual experience or task). Gamification can help overcome these challenges—especially when we leverage it within the context of business training and professional employee development. The types of training professionals might undergo include trainings on customer engagement and retention, sales processes, use of specific software applications, etc. If professionals can conduct those trainings in gamified settings, their propensity for completing (and enjoying!) training increases. We’ll discuss “how” this actually happens later. As a result, they might be better collaborators among colleagues, drive more sales, or foster greater customer satisfaction.

Entertainment with a Social Benefit

We’re constantly on the hunt for the “perfect” way to teach, one that resonates and is impactful. The difficulty here is that people are unique, each with their own motivations, modes of learning, and literally the way our brains are wired to absorb information. Gamification isn’t the first attempt at a perfect solution, television and radio had their time as well. Before we dive deeper into how gamification enables professional, adult learning, let’s understand how history has taught communities.

Before video games entered the market in a big way, TV and radio held the spotlight as primary modes by which information was relayed and stories were told. What you might not know is that the channel’s reputation to deliver information to the masses (eventually ‘to entertain’ the masses) was actually grounded in socio-psychological theory. Miguel Sabido aptly named the “Sabido methodology” to define ways in which social attitudes and behaviors were positively changed due to information (aka: a stimulus) delivered from television and radio. Sabido pioneered the use of telenovelas to teach about social issues in the 1970s and 80s, when he was Vice President of Research at the Mexican television network Televisa.

His complex narratives allowed audiences to relate to his characters who were often positioned as positive, negative, and neutral role models. The characters addressed relevant social issues of the times (e.g. women’s status, child slavery, environmental protection, HIV/AIDS) and audiences became emotionally attached to them as they made good or bad decisions within the storyline. Why? Because the topics covered and the character behaviors resonated with viewers.

What Sabido uncovered in this narrative communication method (complete with relatable characters and compelling storyline) was a new way to teach people about important issues they otherwise might not care to educate themselves on. Over the next decade, Sabido produced six serial dramas that touched on issues of HIV/AIDS and safe sex practices—coincidentally (or not), Mexico experienced a 34% decline in population growth rate during that same time frame. Perhaps the way in which he addressed social issues that were important to his viewers, resonated after all.

We can learn a lot from Sabido’s efforts here. According to Population Media, “The major tenet of the Sabido methodology is that education can be compelling and that entertainment can be educational. Sabido originally termed his approach ‘entertainment with proven social benefit,’ and since then, many communication professionals and scholars have applied the term ‘entertainment-education’ to the Sabido approach.” Sabido helped pioneer a new kind of learning that adults were attracted to and interestingly enough, we see similar “entertaining education” strides made today when teaching is done using gamification.

Learning Styles, Information Overload, and Misconceptions of Gamification

It’s not shocking that the interactive media and gaming industry has followed this “entertainment-education” pathway. As technology evolves, we naturally find new ways of putting it to work for us in a way that is not only useful and functional but appealing. Sabido’s use of serialized dramas and engaging characters have shown to be extremely effective in igniting social change and shifting social attitudes among viewers/consumers of information—and as professionals in business, we should learn from his work and mission. Consider gamification the latest teaching approach we have at our fingertips. It offers a new way of learning that hasn’t been employed to its fullest potential in other media/education models.

There are three generally recognized learning styles: Visual, Auditory, and Kinesthetic. Kinesthetic learning (learning by doing), wasn’t really an option for Sabido (watching TV was passive information consumption, visual and auditory). However, gamification and interactive media is a reflection of that third learning category, kinesthetic. For the first time, we can take a student to Mars in a virtual environment, or have them interact with a neuron the size of a house leveraging Kinesthetic learning technology. The training and educational possibilities are endless (especially when we layer in elements of gamification) and we’re just scratching the surface.

But learning is only as effective as the approach we deploy to learn. When it comes to assessing the effectiveness of gamification in an educational application, learners tend to evaluate it from two lenses, asking: “How do I learn” and “How do I play?” To answer these questions, we can review various game mechanics and features that make up each of the three learning styles. More on that later. However, we’re missing a large piece of the purpose of gamification if we don’t also ask “Why do I play?” This is equally the most challenging question to answer when it comes to using gamification to teach today’s professionals.

If we are to truly leverage gamification as a learning mechanism for business in professional training and development, we first need to understand how adults process new information. Researchers note “…our problem as adults are that we want to take new knowledge and compare and contrast it to what we already have. Our brains natively know that they can only process so much at a time, so they try to analyze incoming input to identify key material that must be retained, and then immediately file that information alongside relevant contexts. That processing imposes a significant amount of overhead, and it’s why acquiring new knowledge and skills is so much harder for an adult.”

Compare that learning style against the physical act of teaching a child, and we see stark differences. When teaching a child a concept, it is relatively straightforward: preach at them, and they’ll absorb it. For the most part, author Don Jones notes, “they’ll believe it because they tend to lack the context to dispute it.”

Now apply how adults learn to their professional and personal environments. As adults, we’re constantly bombarded, now more than ever, with new information at every moment. Opening up your phone in the morning usually bears forth a host of notifications to sift through, between messages, news headlines, and advertisements. Our brains are constantly working to filter what we care about, and what we don’t. Adults do this natively and unintentionally, as much as we’d like to just absorb all the information we’re presented with… our brains just don’t function that way anymore. We’d be on overload!

Should businesses adopt gamification as a learning strategy to enable professionals in their day-to-day jobs, we must first be cognizant of their perception of “playing a game,” (especially now that we understand how they learn and filter information). Imagine an adult that’s being asked to learn something new on the job by using a gamified platform where they have to play a “video game” to do it. That adult learner may very well bemoan the thought of “going back to school” or “playing a game” to learn something about their job. Unfortunately, video games aren’t something adults take seriously (because up until recently, they haven’t been really applied to support business-like functions and serve a greater good). There’s a perception that playing games is all fun and not meaningful–but gamification has to overcome these misconceptions. When teaching adults, we must remember to communicate the “why”…

Jones also notes, “I often provide the ‘why do I care about this?’ answer upfront, in the form of a problem statement, where my key point becomes the solution. I then immediately illustrate or demonstrate how the key point solves the problem, providing reinforcement and confirmation to the students’ brains.”

Leaders interested in deploying gamified learning in professional training programs need to communicate the “Why do I play?” to their trainees. The answer isn’t merely to ensure the learner understands the point of the lesson, it’s much more about understanding what drives and engages their brain to interact with a gamified environment in the first place. There are driving motivational factors in gamification that make it a powerful tool for professional training and learning. Given that we all are wired differently, we must understand how to make gamification work best for us, as individual learners.

Making Gamification Work for All Learners

Yu-kai Chou created a framework for gamification and behavioral analysis that he calls “The Octalysis Gamification Framework.” Within he does a fantastic job breaking down driving factors and motivators for different types of gamers and learners—and we can use this model as a foundation to build out professional learning programs and activities in our own businesses. The Octalysis Framework is extremely deep, yet it’s easier to understand Chou’s eight Core Drivers in human behavior, in the circular graph.

When we consider Chou’s driving factors, through the lens of “How we Learn” and “How we Play,” in-game mechanics—with the understanding of the three learning styles, it becomes easier to see the potential for gamification as a mechanism to complement other learning styles. By examining the motivating factors that contribute to whether or not something is considered “gamified,” those doing the teaching can clearly see where kinesthetic learning fits within the overall game mechanics structure in relation to auditory/visual representations found in the mechanics.

Figure 2

Notice in figure 2, game mechanics prioritize competitive drivers over collaborative efforts, community over exploration (as indicated by the quantity of learning style icons).

As much as we celebrate the experiential elements of kinesthetic learning in educational literature… there’s much work to be done in gamification to ensure hands-on learning styles are better represented on this model so that more inclusive learning can be had.

Further, game components like “Levels” and “Missions” are incredibly broad terms and they can be as varied as the subjects they attempt to illustrate, yet I would argue that these mechanics determine if a product truly feels like a game more than features like the ability to share accomplishments socially or obtaining a badge.

The reality is, we’ve had a much longer history teaching to auditory and visual learning pillars, more so than teaching and training staff with gamification. If anything, this may illustrate that it’s easier to develop products and software that align with the visual and auditory-based learners versus developing products to meet the needs of those who want more hands-on experiences in a game-like setting. This is why we mostly hear about digital badging, leaderboards, and “leveling up” in the context of video games instead of in training programs for business professionals.

While incorporating gamification elements into a professional development training program can be done, do we need to check off all these game mechanic boxes in order for a product to be considered “Gamified?” Arguably no. It’s all about your demographics and what will drive them to learn most effectively.

We have reflected upon the history of “engaging educational learning” in the context of telenovela programming, deepened our understanding how we process and retain learned material in an overly interconnected culture, and sought new ways for learning to “stick,” one thing becomes clear: gamification is an untapped learning resource for today’s professionals. Dare I say, the diamond in the rough we’ve been searching for in business training and professional development. If your professional demographic is at all varied (I bet it is), then your teaching strategies will likely have to be as well. It’s time businesses think beyond the passive learning styles of yesteryear, and embrace a new gamified approach to adult training and development—something that better fosters driving factors like collaboration and exploration equally to that of competition, community, and achievement. Only then, will we really have a learning approach that meets everyone where they are.

Top Tax Season Scams and How to Avoid Them

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

 

  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.

 

  1. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.

 

  1. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and they will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.

 

  1. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security numberuntil overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there help people to feel more empowered to thwart them when handling personal online transactions.

Combatting Tax Scams with inCyt

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

Things to do at RSA 2020 

This year’s RSA Conference is sure to be chockfull of exciting innovations, new technology, and swag galore. As much as we love the excitement of being on the expo floor, it’s always a good idea to take time to explore the conference, meet new people, and unwind with a few good colleagues or newfound friendsThis list of networking gatherings and affiliate events will help you make the most out of your RSA experience! 

 

Events through RSA: 

  • 2/25 6:00 pm to 8:00 pmCyBeer Ops Networking Reception – Craft beer tasting event that doubles as a great networking opportunity.
     
  • 2/27 6:00 pm to 9:00 pm: RSAC After Hours – Enjoy food, drinks, and dancing to a live 80’s cover band.
     
  • 2/25 5:00 pm to 7:00 pm: RSAC Women’s Networking Reception – Relaxed networking event celebrating women’s contributions to science and technology.
     
  • 2/24 5:00 pm to 7:00 pm: Welcome Reception – Kick off the conference with drinks and apps while previewing cyber solutions from over 700 exhibitors.
     
  • Multiple dates and times, registration required: RSAC Engagement Zone – Engage, network, and make personal connections with others who share your interests through Braindate, Birds of a Feather, Cooperative Learning roundtables, and more.
     
  • Multiple dates and times: RSAC Sandbox – Show off your cyber skills through hands-on experiences and mingle with peers at this engaging event.
     
  • 2/26 4:30 pm to 6:00 pm: Expo Pub Crawl – Enjoy complimentary beer, wine, and non-alcoholic beverages while visiting sponsor’s booths and learning about their latest innovations to support your business. 

 

Affiliate events: 

  • 2/24 7:00 pm to 10:00 pm: CYBERTACOS at RSAC – Talk over tacos with members of the local cybersecurity and broader IT community.
     
  • 2/24 7:00pm to 10:00 pm: Ignite – With live music, snacks, cocktails, and dancing, this is THE place to be Monday night.
     
  • 2/25 5:00 pm to 9:00 pmOptiv After Party – Thirsty Bear Organic Brewing Company will have great beer on tap while you network the night away. 
  • 2/25 6:00 pm, registration requiredVMware Carbon Black Networking Reception – This exclusive happy hour at the W San Francisco is sure to be the event you need to kick off your RSA experience just right. Register now as space is limited.
     
  • 2/25 6:00 pm to 9:00 pm: Non-Profits on the Loose – Meet and mingle with industry, policy, and government leaders in security and privacy at this soirée.
     
  • 2/26 11:30 am to 1:00 pm: Meet & Greet at RSA Conference 2020  Join the Executive Women’s Forum and meet the most amazing women at the RSA Conference.
     
  • 2/26 5:30 pm to 8:30 pmICMP Networking Social RSA 2020  – Network with members, friends, and guests of the International Consortium of Minority Cybersecurity Professionals.
     
  • 2/26 6:30 pm to 9:30 pmArctic Wolf Happy Hour – Sips and savors at TRES Tequila Lounge and Mexican Kitchen is the perfect mid-week way to unwind.
     

Stay up to date on any additional affiliate events as they get added by checking out this calendar provided by the conference, and be sure to swing by our booth #6480 to see what we’ve been working on and add to your swag collection

To get a sneak peek at our latest cyber training platform, inCyt and be sure to register for our webinar, inCyt: Inside the Human Element of Cyber. We can’t wait to see you at the conference and have some fun! 

inCyt: Bring the Power of Cyber Safety to your Whole Organization 

What is at the core of cyber? Is it computer chips? Monitors? Servers? Cyber wouldn’t be where it is today, or at all, without: humans. Understanding what it takes to keep your organization cyber safe starts and ends with the human element. As the only constant in the world of cyber, professionals need to practice awareness and continued training in order to defend against looming threats. 

Circadence is excited to announce our newest product, inCyt. inCyt is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. We believe that in order to prevent cyber attacks, cyber security must be woven into the very fabric of company culture. This platform will allow your entire organization, from Roger at the reception desk to Sally in the sales departmenteveryone needs to persistently practice awareness to gain a deeper understanding of cyber safe practices. 

 

Did you know: 

  • 52% of businesses say that employees are their biggest weakness in IT security, with careless actions increasing overall risk. 

 

To address these trends, we will be demo-ing inCyt live at this year’s RSA Conference in San Francisco, where the theme is The Human Element. 

Prior to showing off this exciting platform’s capabilities live, we will be hosting a webinar, inCyt: Inside the Human Element of Cyber, on February 18thRegister today to get a first look at this new technology and see how inCyt can help take your organization’s cyber readiness to the next level through games! 

Living Our Mission Blog Series:Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis

Early Aspirations in Technology Become Reality for Circadence’s Paul Ellis 

Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8-years oldhe rode his bike to the closest RadioShack to buy a book written for adults on the topic of electrical engineering no lessAfter saving enough allowance to purchase the book, he dove into it as soon as he got home and that’s where his love for technology really began. 

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In factPaul and his father built their first computer together – an 8Mhz Intel 8088 PC when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music. 

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real worldand how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.  

Upon joining Circadence, Paul began to navigate the world of cybersecurityThe company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how it would improve the cyber posture of enterprises. 

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viabilityHe also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon customer’s experience with it 

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, iNovember 2019 he worked long hours along-side his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach user’s about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure 

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to marketHe appreciates Circadence products because they actually provide trainees what they need to knowand what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity. 

Photo by Alexandre Debiève on Unsplash

Photo by Marvin Meyer on Unsplash

Living Our Mission: Building a Roadmap to Bring Product Vision to Reality with Circadence’s Raj Kutty

This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.  

Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her masters degree in computer science from University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the everchanging advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved into the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages from identifying a problem in the market, and creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.

Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her profession, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks- something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.

“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”

Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of route to destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.

Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.

“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”

The products Raj helps map to market fulfills her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of a slowing tech usage, hence why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibly to gain cyber awareness to protect a company.

“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”

Photo by John Lockwood on Unsplash

Photo by Bogdan Karlenko on Unsplash

Microsoft Security Blog: Rethinking cyber scenarios—learning (and training) as you defend

In this third and final post in the series, Microsoft’s Mark McIntyre addresses more advanced SecOps scenarios that an experienced cyber practitioner would be concerned with understanding.

New Year, New Threats: Top Cyber Threats Anticipated to Hit Big in 2020 for Enterprise Companies

As we enter the New Year, one thing is certain: cyber attacks aren’t going anywhere. Enterprise companies have been tasked with defending their networks from unyielding cyber crooks who want a piece of the pie for themselves. What’s on the horizon for enterprise security threats in 2020? We’ve got a few predictions.

  • DeepFakes

    Deep Fake technology can create fake but incredibly realistic images, text, and videos. Computers can rapidly process numerous facial biometrics, and mathematically build or classify human features, to mimic a person or group of individuals for public manipulation. Bloomberg reports the tech is becoming so sophisticated, detecting a DeepFake video from a real one, is getting harder and harder to differentiate for viewers.

    While the technical benefits are impressive, underlying flaws inherent in all types of Deep Fake models represent a rapidly growing security weakness, which cyber criminals will exploit. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and educate themselves on the risks as well as hardening systems that require/use facial recognition.

  • API and Cloud vulnerabilities 

    An application programming interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. APIs are an essential tool in cloud environments, acting as a service gateway to enable direct and indirect cloud software and infrastructure services to cloud users.

    A recent study showed more than three in four organizations treat API security differently than web app security, indicating API security readiness lags behind other aspects of application security. The study also reported that more than two-thirds of organizations expose APIs to the public to enable partners and external developers to tap into their software platforms and app ecosystems. Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams.

  • 5G Threats

    With the rollout of 5G continuing in 2020, we will see an increase in the volume and speed of data theft. The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, shows that larger enterprises are not prepared for the security implications of 5G. The top cyber security concerns that came back in this report were:

  • Larger attack surface due to the massive increase in connectivity
  • Greater number of devices accessing the network
  • The extension of security policies
  • Authentication of a larger number and wider variety of devices.

As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats.

  • Ransomware attacks evolve

    Ah, ransomware, seemingly every hacker’s favorite extortion tool. According to McAfee Labs 2020 Threat Prediction Report, the increase of targeted ransomware has created a growing demand for compromised company networks. This demand is met by criminals who specialize in penetrating company networks and sell complete network access in one go.

“I expect that the ransomware used will continue to become more advanced. I am concerned that some threats have just become more stealthy, or are working toward that, and that readily available ransomware will enable even novice criminals to maintain stealth. Organizations are spending more resources to defend against ransomware, which might drive out a few of the lesser players, but any organization with resources will still see ransomware attacks happen as a fast and easy way for financial gain, so hackers will continue to pursue advancements.” ~ Karl Gosset, VP of Content Development at Circadence

It’s clear that the threat landscape will continue to grow and become more sophisticated in the coming year, which means it’s time for businesses to step up their security game.

Circadence believes that the best way to do this is through cyber learning games themselves! Our flagship product, Project Ares, delivers real-world attack scenarios in a safe, online range environment and allows users to practice and hone their cyber skills through the use of games. With missions specific to enterprise threats, such as Operation Crimson Wolf and Operation Desert Whale, Project Ares will ready your organization for any looming threats like these. By using a gamified cyber learning platform like this for your security teams in 2020, you can readily pop some champagne and dance the night away, knowing your enterprise is better protected in the new year.

Photo by Robynne Hu on Unsplash

Photo by Bud Helisson on Unsplash