It’s something we all know instinctively, if a whole load of new information is thrown at you, your recall of it will be somewhat cloudy one week later. This is exactly what German psychologist Hermann Ebbinghaus showed back in 1885 when he developed the forgetting curve. Though his research is over a century old now, the principle remains true today. Most of what you learn will be forgotten within an hour.
This may help explain in part why people are still falling victim to phishing attacks. Did their security training consist of being herded into the break room for a lunch and learn while being shown a bunch of slides on how to recognise the signs of a phishing attack? Was that the entirety of their security training for the last 6 months? If so, as Ebbinghaus showed, memory retention will be down around 20%, so mistakes and clicks will be made!
So how do you get around this? Well, Ebbinghaus also showed that revising the information frequently greatly enhances the newly learned information. Translating this to security awareness training for staff members, we can see that training must be repeated frequently; think short snippets every month rather than a 1-hour presentation every 6 months.
Here at AMARU, that is exactly what we believe. Our Managed Security Awareness training is done in short, sharp doses. We recommend once a month. What Ebbinghaus hadn’t yet discovered back in 1886 was the power of storytelling and engaging content which greatly enhances the memorability of information. Facts listed as bullet points are soon forgotten but a story can engage many areas of the brain from the motor cortex, sensory cortex and frontal cortex, making recall much stronger.
If you are still experiencing people clicking on phishing emails, it’s time to evaluate your security training. Make sure it’s delivered often in short doses with engaging content to enhance memorability.