21 Mar Is Virtual Reality The Next Generation In Security Awareness Training?
Inspired eLearning plans to combat phishing, SMiShing, and Vishing with VR training for employees
Northport, N.Y. – Mar. 21, 2019
Inspired eLearning claims to have the first ever virtual reality training course in the security awareness market.
Kyle Metcalf is all about culture — the security kind.
In his role as CEO of Inspired eLearning, Metcalf works hard to deliver a security first culture within his organization — and to every client he works with.
Inspired eLearning “provides training around security, cybersecurity, and compliance,” says Metcalf, “anything that a company would need to stay secure,” through an engaging, entertaining, and interactive educational platform that applies adult learning theory and instructional design to ensure that clients get the best security training possible.
What are the biggest vulnerability threats that a company faces?
“The punchline here is phishing. That is the number one threat for employees,” says Metcalf. “It’s the easiest way for the bad guys to get to the good guys.”
Hackers have been upgrading phishing threats by developing new methods such as vishing and SMiShing to lure employees to engage in bad practices. Vishing is an updated version of old phone call scams. Cybercriminals call an employee, say they ’re from the IT department looking to fix a computer virus, and ask for a user’s login credentials. SMiShing involves criminals asking for personal information via text messaging.
These crimes “are another vector for bad guys to get into your organization and walk through the front door,” says Metcalf. In little time and with minimal effort, hackers are able to access networks through employees’ lack of awareness and security training.
“Phishing is so popular because companies will spend millions of dollars on hardening their IT systems, buying software, hiring people to make sure the system is safe,” says Metcalf. “However, if one of your employees hands over the credentials and the bad guy walks straight in, none of those systems are going to catch it.”
Physical security is another problem companies face, and Inspired eLearning offers training to mitigate these dangers as well.
Tailgating doesn’t just happen while driving. It’s the practice when a “bad guy can walk right into the building,” usually because someone held the door open for him, says Metcalf. “This is how people can get into systems, find someone who didn’t close or log off of their laptop, and again walk right into these systems that we spend so much time and money securing.”
To combat these bad actors, according to Metcalf, every company should develop a security first culture that encourages best security practices. “What does that mean? Be diligent, take your time, look at emails, pay attention, go through the training. It’s paramount for any organization to be secure.”
“I implemented a security first culture within our organization,” said Metcalf. His team took that idea to their main product and called it Security First Solutions, launched in 2018. “The product is unique in the sense that it is a fully curated yearlong, or longer, security awareness program,” said Metcalf.
“Security First Solutions is a multilingual, packaged security awareness program. It delivers assessments, security awareness training, and phishing simulations through integrated learning paths,” according to the Inspired eLearning website.
There are multiple steps in the training process that are designed specifically for a company’s needs. For starters, all users take a baseline assessment to determine where each member and each department falls on the security awareness spectrum. Following that, every employee goes through a full security fundamentals training, followed by another assessment.
“99 times out of 100, 100 times out of 100 hopefully, you will see progress,” says Metcalf.
The program doesn’t stop there, however. It provides phishing simulations that send fake phishing, vishing, and SMiShing simulations to employees throughout the year. The combination of these three steps — assessment, training, and reinforcement — gives a comprehensive view of a company’s security profile.
Security First Solutions then uses the data from all of the tests and simulations to narrow down on a company’s weak spots, and offers targeted training videos to address specific issues — and reinforce best security practices. Combining training videos, which vary in length from 3 to 15 minutes, with regular phishing simulations reduces the chances for an employee to expose a company to cybercrime.
Looking forward to 2019, Metcalf says that Inspired eLearning is “always updating our content with the latest threats, [and] continues to invest in security first and our custom content as well.” The company also demonstrated a VR training at RSA 2019, which is “the first ever virtual reality training course in the security awareness market.”
The cybersecurity market is on the rise and expected to grow, according to Metcalf. “As long as there are bad guys and people make mistakes, we’re in business, as is everyone else in the cybersecurity world,” says Metcalf. “That’s not going to change.”
This is the first in a series of interviews, produced in collaboration with Inspired eLearning, that aims to inform the viewer about cybersecurity, how to train employees in best security practices, and to learn more about Inspired eLearning’s products and services.
– Steven T. Kroll is a public relations specialist and staff writer at Cybercrime Magazine.