One of the biggest challenges of security awareness training is to prevent it from becoming a boring “essential.” This can be done in many ways, but one of them is very revolutionary: a Netflix-worthy drama that employees can watch voraciously. Why does educational entertainment work so well?
Security awareness is related to the behavior of end users. There is no pin between them. or is he? Personally, I believe that when it comes to cyber security we should not be talking about end users but about people. People with feelings, people who celebrate a colleague’s birthday, people who put pineapple on their pizza (or never will). It comes to these people when you say you want to protect the organization from cyber attacks. And these people, with all their feelings and thoughts, should participate in the security awareness training.
talented hacker
In fact, I don’t even want to use the word training. At my company – we started in Leicestershire in England in 1993 – we prefer to talk about engagement. Our goal is to turn an incredibly boring topic into something exciting and compelling, and we do this by creating educational entertainment for businesses. Over the past 29 years, we have created numerous sitcoms, commercials, and narrative films about information security and compliance for the world’s largest companies. But our flagship is The Inside Man, an exciting drama series we made for KnowBe4 whose first season came out in 2019.
For those unfamiliar with the series: In The Inside Man, hacker Mark is tasked with destroying London’s Khromacom from the inside. However, the talented hacker soon finds himself tangled up as his new colleagues mean more to Mark than he thought. His loyalty and relationship issues ensured (international) coagulation developments in the following seasons. As I write this, we are in the process of finalizing the script for Season 5.
neural research
Each episode of the series teaches people about digital threats like phishing, ransomware, and deepfakes in a very natural way. Not at a detailed level because there are other ways to do that. No, if people find an episode so interesting that they talk about it with their colleagues, then our job is done. how to do that? with affection. The story should never be about cybersecurity per se, but about the impact (lack of) cybersecurity has on people. Only then do people engage in a topic that would otherwise remain very abstract.
Hence the interrelationships and family ties in The Inside Man are at least as crazy as in the Good Times and Bad Times. As a director, I knew from the start that the series should be about family and not so much about cybersecurity. Everyone has complicated relationships with family members – there is always that crazy brother or that annoying mother-in-law. This makes the story recognizable, and that’s the gist: if we want to teach people something, the series has to be as realistic as possible.
Neurological research has shown that real-life stories with recognizable main characters are no different in our brain from our reality. It makes sense for people to know they are looking at something that is not real, but the brain is completely immersed in the story. MRI scans show that people who watch a horror movie activate in the same areas of the brain when they encounter a fear stimulus in real life. Although The Inside Man is not about fear but about love (wrapped in a sexy jacket), the effect on the brain remains the same. This is why educational storytelling works so well.
colonial pipeline
To make the episode as realistic as possible, we draw inspiration from real cyber attacks and data breaches. Season 4, for example, was based on the 2021 ransomware attack that hit the Colonial pipeline in the United States. Because we want to make an engaging series, the events are dramatic, but everything in The Inside Man can actually happen. We have the luxury of having the cyber security experts at KnowBe4 tell us about new hacking techniques and how they are being implemented. For example, in the script of the fourth season, we took control of an electric car (and yes, that’s really possible).
Whatever happens, people learn from people. So viewers should be able to identify with the main characters. As long as that works, we’ll continue with The Inside Man. Passion means participation. The participation of all employees is essential when it comes to cybersecurity. Only in this way are the organizations protected from the dramatic scenarios that we present to them in the series.
The Inside Man can be seen exclusively as part of KnowBe4’s Kevin Mitnick Security Awareness Training program. Register here to view.
By: Jim Shields, Director of The Inside Man and Founder of Twist & Shout (part of KnowBe4)
Evil tv scholar. Proud twitter aficionado. Travel ninja. Hipster-friendly zombie fanatic.