

    Cyberattacks Continue Because Your Users Forget


    The weakest part of your cybersecurity can be identified by looking at how cyberattacks take place, and how well your defenses stand up. But did you know the answer comes from the year 1885?

    While cybersecurity is a constantly moving target, there are some constraints put on threat actors that keep their methods and tactics within a realm of possible actions. For example, they need to work within the confines of the operating systems used by the victim organization, which only have so many ways to be exploited and taken advantage of. The same is true for users: with 85% of breaches involving a human element, cybercriminals use a combination of establishing urgency and credibility to convince the potential victim to engage with the threat actor’s malicious content. And while new phishing themes are constantly being created to align with current events, the tactics feel very much the same; it’s pretty much always click the link, open the attachment, or reply to the email.

    So, if it’s really as simple as making sure users don’t interact with malicious email content, why are cyberattacks continuing to flourish? Part of the answer lies with organizations that don’t enlist their users to play a role in protecting the organization. If users aren’t educated with Security Awareness Training to be mindful of malicious content in their Inbox, they are likely to interact with and fall for phishing attacks.

    But just putting users through this kind of training a few times a year isn’t enough.

    The core of the problem is that people forget what they’ve learned. Back in 1885, German psychologist Hermann Ebbinghaus hypothesized that memory retention declines over a very short period of time – something now known as the Forgetting Curve. In as little as just 20 minutes, 40% of what’s been learned has already been forgotten.


    Source: The Forgetting Curve

    He found that repetition in learning over a period of time (in most cases, repetitions were measured in days) actually increases the percentage of knowledge retained. You can see below the impact on the percentage of information retained when the information is re-reviewed over time.


    Source: The Forgetting Curve

    Applying this to cybersecurity, it becomes clear that a) even if users are put through some form of training, they will forget most or all of what they’ve learned (and will click the malicious link sometime in the future), and b) it takes continual Security Awareness Training to ensure users retain best practices, good cyber hygiene, and a vigilant state of mind when interacting with unsolicited (and potentially malicious) email content.



    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!


