Narrowing the Cybersecurity Skills Gap Starts With Security Awareness Training


As National Cybersecurity Awareness Month gets underway, Zack Schuler, founder and CEO of NINJIO, looks at the growing cybersecurity skills gap and how cybersecurity awareness and training can empower employees to defend themselves and their companies from widespread cyberattacks. Find out why the old-school approach of long, boring email dumps won’t cut it anymore. 

Cybersecurity has never been more important for individuals and companies than it is right now. Millions of employees are working from home for the first time, which means they have limited access to secure networks, IT staff, and equipment with the latest cybersecurity software and updates installed. Meanwhile, the list of cyberthreats (from criminals to hostile foreign powers) grows longer every day. 

These are all reasons why companies are increasingly concerned about the cybersecurity skills gap, which refers to a shortage of cybersecurity professionals and limited training and career development opportunities for these professionals. However, while cybersecurity pros and other IT experts certainly have a role to play in keeping companies safe, there’s a more fundamental solution to the cybersecurity skills gap — a workforce that knows how to protect itself from cyberattacks at every level. 

One of the biggest obstacles cybersecurity educators face is the stubborn idea that cybersecurity is inaccessible to most people, and employees believe they have to be tech experts to identify and prevent cyberattacks. But in most cases, this couldn’t be further from the truth. Cybercriminals often deceive and manipulate employees to infiltrate organizations, which means education is among the most valuable resources any company has in its cybersecurity toolkit. 


Reconsidering the Cybersecurity Skills Gap

When CEOs, CISOs, and IT professionals talk about the cybersecurity skills gap, they usually refer to a lack of employees with specialized technical skills and experience. According to a recent survey conducted by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA), 70% of IT personnel said their organizations had been affected by the skills gap – 45% believe the gap has gotten worse, while just 7% report that they’ve seen an improvement. 

While the report makes it clear that these figures specifically refer to the process of hiring and cultivating talent in the cybersecurity space, one of its central recommendations demonstrates the importance of thinking outside these parameters. 

“What’s needed,” the researchers write, “is a holistic approach of continuous cybersecurity education (starting with public education).” This is an acknowledgment that cybersecurity is a collective enterprise that requires buy-in and training at every level of an organization – and even among the general public. 

Companies need to expand their thinking about the cybersecurity skills gap. Although it’s necessary to provide IT staff with the support they need, we’ve entered an era where organizations can’t rely on small groups of specialized employees to keep them safe. Employees are more connected than ever – it doesn’t matter if they’re receptionists or product designers or engineers. There has been an explosion of attack vectors for bad actors to target, which demands the cultivation of a security awareness mindset across the company. 


Comprehensive Education Is the Surest Way to Stay Secure

Companies are becoming more interconnected every day – from the surging adoption rates of cloud-based communication and productivity tools to the rapid proliferation of IoT devices to the increasing number of employees who need to do some or all of their jobs digitally. While this has created unprecedented digital vulnerabilities for companies, it also means all employees now have a role to play in defending the company from cyberattacks.


This is why it’s no surprise that an April 2020 Forrester report found that 71% of IT and business leaders say the development of a plan to “build security awareness, behavior, and/or culture” is either a high or critical priority. These findings mirror the ESG/ISSA survey, which reports that 65% of IT personnel believe their organizations should provide more or significantly more cybersecurity training.

The FBI recorded $1.4 billion in total losses from cybersecurity incidents in 2017 – a number that rose to $2.7 billion in 2018 and $3.5 billion in 2019. Meanwhile, surveys have found that the cybersecurity skills gap isn’t improving. It’s clear that the status quo needs to change – companies face a more ominous cyberthreat landscape than ever, they have limited resources for hiring cybersecurity personnel amid the pandemic-driven economic contraction, and their workforces aren’t nearly as well-trained as they should be. But here’s the good news: there are plenty of ways to move beyond this status quo, and some companies are doing just that. 


Make Training a Core Part of the Cybersecurity Platform

Workplace training initiatives don’t exactly have an encouraging track record – they’re notorious for being tedious information dumps that don’t even try to engage employees on an intellectual level. 

Unfortunately, cybersecurity training is often no exception. According to the Forrester survey, more than half of employees say they have “better things to do … than to attend mandatory security training,” while 45% say “security training is too long,” and 44% say “security is boring, and so is the training.”

Needless to say, these aren’t the numbers that any company or cybersecurity team wants to see. But not all cybersecurity awareness content is created equal – in fact, companies can follow two essential principles to ensure that their efforts to teach employees how to keep themselves and the organization safe actually work.

First, make cybersecurity training relevant. Companies need to show employees exactly how destructive cyberattacks can be, and the most effective way to do this is by highlighting real-life data breaches and other attacks. This won’t just illuminate vulnerabilities and the strategies cybercriminals use to take advantage of them – it will also demonstrate the damage cyberattacks can cause as vividly as possible. 

Second, keep employees engaged. There are many ways companies can make cybersecurity education engaging, from narrative-driven instruction to gamification. The key is to remember that the days of long-winded workshop presentations and email data dumps are over – employees have to be genuinely interested in what you have to say, or they’ll tune out.

At a time when a huge proportion of the U.S. labor force is working from home and companies are still suffering from a major economic downturn (which makes hiring and training new IT personnel difficult), it’s even more crucial to develop a cybersecurity strategy that empowers every employee to be a cyber defender. If companies make their cybersecurity training platform relevant and engaging, that’s exactly what they will be able to do.
