Radical New Training Bolsters Weakest Link in Cybersecurity


Global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.

Cybercrime is a global problem but in every organization, there is a very local potential solution: a vigilant, engaged, and properly trained workforce.

The cost of a data breach, in terms of revenue, reputation, legal exposure, and operational disruption, can be devastating; 60% of small-and medium-sized businesses close within six months of experiencing a cyberattack.(1) Meanwhile, the problem is growing rapidly especially because of changes due to COVID-19; global cybercrime costs are expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.(2) “Cybercrime is a global problem,” says Drip7 founder and CEO Heather Stratford, “but in every organization, there is a very local potential solution: a vigilant, engaged, and properly trained workforce.”

Over 90% of all cyberattacks, notes Stratford, are executed using information from employees who unwittingly give away their system ID and access credentials to hackers.(3) The problem, Stratford says, is not just a lack of cybersecurity awareness training, but getting training that works to the people who need it in the way they will actually use it. Most training doesn’t actually accomplish anything, and the numbers prove it. According to research from Forrester, she notes, over a third of employees who have had security awareness training still admit to disregarding security policies.(4) Microlearning, says Stratford, which breaks content into bite-size chunks, has been demonstrated to produce much better results than the traditional lecture-followed-by-a-test approach, both immediately and in terms of longer-range retention.(5)

An even more effective approach with today’s workforce, says Stratford, is a newly introduced breakthrough solution. It is called Drip7. By combining microlearning with gamification, the program applies game design to cybersecurity awareness training to increase retention. The most obvious parts of game design are points, awards, and leaderboards—but includes much more. Stratford notes that in a recent survey of nearly 900 employees, 83% of those who received gamified training felt more motivated as a result, while 61% of those who received non-gamified training felt bored and unproductive.(6)

“We call it Drip7,” says Stratford, “to emphasize a basic point: you don’t internalize something by hearing it once. You need to hear it seven times to remember and put the knowledge into practice.” Instead of lectures that remove employees from work, Drip7 training arrives in the form of a question a day that the employee answers. This increases engagement in learning and retention, and at its core keeps cybersecurity in the employee’s mind—not by force, but through play.

Stratford, CEO and Founder of the cybersecurity training company Stronger International, developed the framework of Drip7 as part of a project to enhance the cybersecurity training within a large hospital system. As awareness of the solution’s capabilities spread it became apparent that the combination of microlearning, customizability, and gamification leading to high ongoing employee involvement answered a need not simply for one client or industry, but for a worldwide digitized economy.

Drip7 is sold on a licensing basis, with over 80,000 users already licensed on the platform. For more information, please see drip7.com. “This isn’t a learning management system,” says Stratford, “It’s a way to make learning and training actually do what they need to do. Our goal is to take the fear out of cybersecurity and make it both fun and effective.”

Share article on social media or email:

Leave a Reply