“Cybersecurity training can be a bit of a dilemma,” Betov notes. “To be successful, you need strong management support to ensure engagement, but messages from the top are not always well received.”
This new technology has instead spurred conversation about the next security moment — benefits that have not only been impactful but also measurable. Feedback from company employees has also been positive, especially given that the training isn’t hindering their productivity.
“We know we need to educate our workforce, but it has to be done in a non-intrusive and engaging way,” he says. “People tend to overestimate the powers of technology — such as email filters and firewalls — and believe they are secure because of it.”
Instead, Mondelez’s message to its employees remains that the security threats are evolving, and while they shouldn’t be distracted from their main roles, they need to maintain the skill of working securely.
Finally, measuring the behavior of the human risk assessment has also been super exciting, says Betov, especially given the possibilities that exist beyond traditional phishing simulations into other threat vectors.
“What we can do together … in terms of opening up as far as beyond the kind of a traditional phishing simulation into other areas of security, that's what I'm really excited about in the future.”