Webinar Announcement: Why In-House Ransomware Education Fails to Change Behavior Despite the Effort

■ Growing Need for Effective Security Education Amid Advanced Cyber Attacks
Cyber attacks are becoming more sophisticated and cunning every year. Cases where an individual employee's judgment determines the outcome—such as ransomware, targeted email attacks, and phishing scams—are on the rise. Since technical measures alone cannot prevent all attacks, the importance of 'human-centric measures' to enhance employee security awareness and response capabilities is higher than ever.
Especially for large corporations and group companies, the large number of employees means more entry points for attacks, carrying the risk that one person's error could spread across the entire organization. For management and IT departments, security education must not be just about 'implementation' but about 'effectiveness' that actually changes employee behavior.

■ Challenges of In-House Education: High Burden and Lack of Behavioral Change
Many companies conduct security education in-house, but they face challenges in continuous operation due to the heavy burden on staff. Tasks such as material creation, scenario design, and attendee management concentrate on IT departments, often straining their core security operations.
Furthermore, in-house education tends to become standardized lectures or e-learning, which can easily lead to a repetitive 'same content every year' routine for participants. Even if they formally complete the course, whether they can take appropriate action when receiving a real attack email is a different matter. Even if a company conducts targeted email attack drills, it won't lead to behavioral change if the drill is divorced from actual work. The reality is that even if effort is put into in-house education, if the awareness and behavior of participants do not change, the investment will not yield its expected effects.

■ Building an Education System with Role-Playing Content and Practical Training, Aligned with SCS Evaluation
This webinar introduces a method for building security education that combines business scenario-based role-playing and practical training, overcoming the limits of in-house education.
The session will showcase new scenarios for 'Secure Practice,' the role-playing security education content from Hyper Co., Ltd., supervised by VLC Security Arena Co., Ltd., a provider of practical cybersecurity training. Secure Practice fosters employee ownership by simulating cyber incidents. With supervision from VLC Security Arena, it now incorporates insights from the latest attack methods, realizing a training experience closer to real combat. Through multiple scenarios mimicking actual threats like targeted emails, ransomware, and phishing, participants can cultivate response capabilities that cannot be gained through lectures alone.
Additionally, the 'SCS Evaluation System' planned by the Ministry of Economy, Trade and Industry (METI) emphasizes the importance of educational systems as part of organizational security measures. Those considering the construction of effective security education are encouraged to participate.