Virtual Reality can improve cybersecurity
As companies continue to invest in cybersecurity for business, can virtual reality be a powerful learning tool for the human firewall?
With businesses such as Marriott, Microsoft, Apple and Adobe feeling the effects of cyber attacks in the last few years there have been plenty of attention-grabbing headlines. Business owners know that they need to improve cyber awareness to prevent the damage caused by cyber attacks.
With leaked data, system failures, loss of earnings, customer compensation and fines to contend with, the negative impact can linger like a bad smell. A recent report by Bitglass found that companies which suffered a security breach in the previous three years saw an average drop in stock value of 7.5 per cent and didn’t return to pre-breach levels for an average of 46 days after the initial attack.
It’s no wonder then that a survey conducted by FireEye found 76 per cent of organisations plan to increase their cybersecurity budget in 2020. But how should businesses be spending their money?
We need to think outside the box when it comes to raising awareness about cyber threats. Too many businesses throw money at the technical aspect and neglect the need to improve the human firewall. No software is going to stop a threat that is designed to prey on human vulnerabilities, and with 90 per cent of data breaches caused by human error, the problem is widespread.
Cybersecurity is no longer the sole responsibility of specialist staff or trained practitioners. All staff have some level of accountability but this shift in responsibility isn’t going to happen on its own. Businesses need to train people to understand how the problem presents itself in everyday life, and astonishingly, one in ten UK organisations admit they have no cybersecurity training in place whatsoever.
Traditional training falls short
Chief cybersecurity officers are there to educate and advise. However, sending fake phishing emails to target people who are failing to do their part is potentially harmful. Attaching shame and guilt to the topic tends to create a divide and an unwillingness to ask for support in the future. People may even try to cover up mistakes instead of asking for help.
Traditional training methods aren’t the answer either. People will skip through online modules reading the bare minimum to pass the final quiz, or attend a presentation without really paying attention or absorbing any knowledge.
The solution here is to help people not only see and understand the problem of cybersecurity, but to engage them emotionally. In a paper written by neurologist Judy Willis, she states: ‘When students are engaged and motivated and feel minimal stress, information flows freely through the affective filter in the amygdala and they achieve higher levels of cognition, make connections, and experience “aha” moments.
‘Such learning comes not from quiet classrooms and directed lectures, but from classrooms with an atmosphere of exuberant discovery (Kohn, 2004).’
To achieve this major ‘aha’ moment in the form of a cultural shift we need to educate teams in a way that excites them. This is where virtual reality comes in.
How VR is different?
Storytelling is an age old tradition, something that comes naturally to us as humans and helps us learn and grow. Its effectiveness is elevated when integrated with virtual reality technology. By fusing VR with expert storytelling you can take people on a journey of discovery, one that doesn’t require note-taking or revision. Learning through VR is engaging from the word go and teams are eager to take part even when the topic – such as cybersecurity – is one that may previously have been considered boring.
- Virtual reality can elicit a 27 per cent higher emotional engagement than TV
- Learners who use VR retain 75 per cent of what they are taught (traditional methods offer as little as 10 per cent)
- Surgeons trained using VR make 40 per cent fewer mistakes than surgeons who are conventionally trained
But beware, only high-quality VR and execution will deliver these astounding results. Simply offering VR experiences for the sake of it is pointless. Businesses need to invest in virtual reality experiences which are expertly designed to solve their cybersecurity needs and address the exact problems that their teams are likely to come up against.
We found this to be true in one of our own VR projects, ‘Date With a Hacker’, which was created and rolled out for Sky employees. Not only did 70 per cent of viewers say that the experience made them more security aware, but 90 per cent said they were more aware of phishing methods and techniques.
When people feel emotions like empathy, fear and excitement, their perceptions around the topic are forever altered. This is what leads to permanent behavioural changes like improved cyber awareness. When all employees are immersed in these experiences, companywide change happens almost of its own accord. Needless to say, our projects have a high retention rate and save businesses thousands in future training costs, meaning that those involved never look at their inboxes in the same way again.
Founder and Visual Storyteller, VIVIDA