Because cyber security has an ever-changing threat landscape, there was a need to create digital training that gave learners the opportunity to assess and manage risk for themselves and make a judgement whether working with a certain type of information in a certain environment is OK or not, rather than blindly following cyber security dos and don’ts, which can actually introduce more risk when done dogmatically in this way.
Starting point for the project
From the start, we discussed the necessity of making the training difficult enough to provide the desired learning outcomes. It was felt that a scenario-based approach would work best and that’s how we proceeded. However, there were still some challenges we needed to overcome:
Challenge number 1 was how to find the right balance so that learners had to think for themselves but were not left with the impression that being cyber-aware was an impossible task.
Challenge number 2 was how to create scenarios that covered the required learning points in a relatable way for a wide range of Wärtsilä employees
Solution
To get the balance right, we decided first to concentrate on the scenarios in a longer-than-usual concepting phase. This was very valuable, as it gave us the chance to refine each scenario with input from a wide range of stakeholders and subject matter experts. Once we had the meat of the training in place, it was easier to build the flow around that – both conceptually and technically.
The solution involved presenting cyber security in three settings: at work, on the go, and at home. In each of these settings, we created general scenarios that applied to all learners and supporting content for these. Once learners had done these general sections, we could be sure that they had the knowledge to be cyber-aware in a general sense.
After this we asked the learners to attempt a few more personalized scenarios out of 5 different learning tracks based on the type of information they worked with on a daily basis. Learners were then given the chance to complete the course or attempt the scenarios for the other information categories. By incentivizing completion of the additional scenarios through gamification we found that learners were eager to discover what kind of unique scenarios existed for colleagues in different departments. In doing so, learners not only gained the necessary knowledge to be cyber-aware in their own specialist area but also gained more insight into other threats faced by colleagues.
“When we designed this course, it was very important to move away from the generic and formulaic cyber security training that is usually on offer. Too often mandatory training falls short in teaching learners new skills and, instead, sticks to a set of generic dos and don’ts with some stock photos. Thanks to MPS Prewise, we were able to create a custom cyber course that, both visually and content-wise, was relevant to our premises and operations.
Since launch, it has proven to be one of the most well-received courses. For what is ultimately an awareness training to build foundational cyber knowledge, it is encouraging to see that the odd curveball question has kept learners on their toes with some even saying that the course was ‘refreshingly challenging’ & ‘sometimes difficult but always interesting and enjoyable’!”
Our main contact person Thomas Dewilde, General Manager, Cyber Governance, Risk & Assurance