It’s something we all know instinctively, if a whole load of new information is thrown at you, your recall of it will be somewhat cloudy one week later. This is exactly what German psychologist Hermann Ebbinghaus showed back in 1885 when he developed the forgetting curve. Though his research is over a century old now, the principle remains true today. Most of what you learn will be forgotten within an hour.

Security training

This may help explain in part why people are still falling victim to phishing attacks. Did their security training consist of being herded into the break room for a lunch and learn while being shown a bunch of slides on how to recognise the signs of a phishing attack? Was that the entirety of their security training for the last 6 months? If so, as Ebbinghaus showed, memory retention will be down around 20%, so mistakes and clicks will be made!

So how do you get around this? Well, Ebbinghaus also showed that revising the information frequently greatly enhances the newly learned information. Translating this to security awareness training, we can see that training must be repeated frequently; think short snippets every month rather than a 1-hour presentation every 6 months.

security training new zealand

Here at Simplify Security, that is exactly what we believe. Our Managed Security Awareness training is done in short, sharp doses. We recommend once a month. What Ebbinghaus hadn’t yet discovered back in 1886 was the power of storytelling and engaging content which greatly enhances the memorability of information. Facts listed as bullet points are soon forgotten but a story can engage many areas of the brain from the motor cortex, sensory cortex and frontal cortex, making recall much stronger.

If you are still experiencing people clicking on phishing emails, it’s time to evaluate your security training. Make sure it’s delivered often in short doses with engaging content to enhance memorability.

Recent blog posts

Key Takeaways from the CrowdStrike 2024 Global Threats Report

Key Takeaways from the CrowdStrike 2024 Global Threats Report

CrowdStrike’s new 2024 Global Threat Report has been creating some buzz around the latest trends in the cyberattacks, and we are here to make the key takeaways from the main topics that were talked about in the report more accessible to you. To summarise, the...