Immersive Cyber Training Offered by CCoE

Organisations of any size can now access immersive ‘escape room style’ cyber awareness training through the Cyber Centre of Excellence (CCoE).

anessa Porter, the OSP Cyber Academy Associate who leads the immersive training, came up with the idea of running immersive sessions when she was tasked in a previous role with delivering General Data Protection Regulation (GDPR) training to groups of people in the travel industry. “Some people would see me coming and try to hide away in the stationary cupboard until I’d gone,” she jokes, “I created immersive training to engage the hard-to-reach people and make learning fun and retaining the training objectives easier.”

CCoE partner organisation, OSP Cyber Academy, is now offering the bespoke immersive cyber awareness training designed to complement any organisation’s online and classroom cyber awareness training. The immersive training makes use of escape room style tasks with a variety of games, challenges, and puzzles to bring learning outcomes to life, such as understanding phishing, malware, and password hygiene.

Having a mix of both online or in-person training alongside some immersive training and other awareness campaigns can be beneficial. “When you are developing a cyber security awareness training programme it is important to include all different types of training,” Porter stresses, “Sometimes regulation drives organisations to carry out tick-box training rather than training that works. Online training is brilliant and absolutely has its place for some people, but others need something different. As soon as you start playing games with people and adding an element of competition then it changes the whole thing. When you are having fun, you are releasing dopamine, and when you are releasing dopamine, you are making memories.”

A CFO from one organisation who provided a review of the immersive training carried out by Porter at his company agrees: “Our team still talk about the immersive training a year after it happened. That really is training that sticks.”

The events run by OSP Cyber Academy have a competitive element too, which Porter says is great because when people are under pressure, they start to make mistakes as they would in the real world. “When you are immersed, you don’t necessarily check yourself to ensure you are doing the right thing, which is what happens in a busy workplace when people are distracted,” she adds.

Irene Coyle, Chief Operating Officer at OSP Cyber Academy, says training is important across the whole organisation because people are the biggest risk but also the biggest asset in data defence. “In any large organisation you have groups of people who will think they are too busy or who think they don’t need to know or already know everything about cyber security. It is an experience for them to come along and genuinely forget that they are in a training session.”

While immersive training might be offered to the whole organisation, perhaps at a teambuilding day, it is also possible just to target specific departments or people who have proven difficult to engage in traditional classroom-style or online self-study training.

“If you are responsible for cyber security training in your organisation, I would suggest that you need to think about who your higher risk people are,” Porter explains, “There are going to be teams and departments who have access to higher risk personal data, such as your HR teams and your finance teams. They are people who need to be trained because they will be targeted repeatedly and the more you can reinforce that learning the better. The other important groups are your high-profile people such as your councillors. They are very busy and are going to be targeted by cyber attackers routinely.”

Both Porter and Coyle agree that sometimes, despite common belief, it might be the younger people in an organisation who are more likely to click on a phishing link or accidentally download a virus, partly because they may think they know it all already, but also because cyber-attacks are getting increasingly sophisticated and difficult to spot.

Offering regular training in different formats is key to ensuring learning is consistently reinforced.

“There might be online training once a year with a cyber security fun day once a year and a cyber security awareness week. Immersive training needs to be part of a whole programme. It is like going to the gym, you can’t expect to be fit if you go to the gym once a year or just buy a gym membership – that doesn’t work. You have to keep exercising the muscle. Immersive training is a tool you can use to keep that muscle flexed,” Porter adds.

The CCoE can offer a range of options to suit any organisation’s size and level of cyber security maturity, including training in-house trainers to facilitate them running immersive training exercises themselves. “We can supply the kit for them to do that. There are a variety of different offers from the CCoE to fit requirements,” explains Coyle.

The CCoE will be offering some of its contacts the chance to experience an immersive training session soon to find out more about how it works and what it involves. If you would like to find out more about the immersive training in the meantime, please contact Vanessa Porter using the details below.

• Find out more about Immersive Training by requesting a meeting with Vanessa Porter here: https://calendly.com/vanessa-mua/immersive-training-demo?month=2024-07