Using Cybersecurity Training to Mitigate Skills Gap
Organizations across the globe are facing a shortage of IT security skills as a result of the coronavirus pandemic, with cybersecurity now the most in-demand technology skill in the world. Studies conducted in recent months have proved that the widening of cybersecurity skills gap is a result of a lack of adequate cybersecurity training, especially for non-technical employees, which in turn is exacerbating the number of data breaches.
For example, a 2020 data gathered by the 2020 Harvey Nash/KPMG CIO Survey, reveals that 83% reported a rise in phishing attempts during COVID-19, while 62% reported a surge in malware attacks – demonstrating how the remote-working landscape has left organizations and their employees far more exposed to threats. While this has left IT security skills in record demand, on the contrary, the cyber security skills gap within the organization continues to widen.
This can be substantiated by another new study by cybersecurity training firm Cybrary which shows that while 65% of IT and security managers agree that the security skills gap has a negative impact on their team’s effectiveness; fewer than half of security staffers say their employers equip them with the resources they need to develop their skills.
Watch the video: Cybersecurity Risk Management Starts with Awareness: Tenable CSO
Firms not investing in cybersecurity training
Many organizations are not sufficiently investing in nor actively supporting skills development for their teams. Many respondents feel their organizations do not understand what skills are required of their team members and a surprising portion of organizations do not track skill development for their IT and security teams at all.
“Organizations have a lot of work to do to provide their staff with the right training, guidance, and support they need,” said Ryan Corey, CEO of Cybrary, adding that despite industry-wide recognition around this growing skills gap, there has been little movement in bridging this gap.
“To make progress, organizations must empower and support IT and security teams by giving them the time and resources they need to grow their skill sets within their current role. It’s truly a win-win situation, contributing to both the individual’s career growth as well as organizational goals.”
The study also shows that there has been limited progress from organizations in supporting employees and investing in continued training and development programs, despite the expectation for employees to keep pace in their dynamic roles.
Closing the cybersecurity skills gap
With about half of organizations either decreasing their training budgets or keeping them the same this past year, it’s not surprising that industry professionals struggle to find opportunities to improve their skills for their work. Nonetheless, experts believe, cybersecurity training and awareness among employees should be a key part of every organization’s business strategy, especially at a time of rapid shift to remote working caused by the pandemic.
“The industry is overdue for a wake-up call to address the IT and security skills gap and talent shortage, especially as we enter a new era of remote work,” said Ron Gula, founder of Gula Tech Adventures.
“This vision for attracting and retaining talent can only be fulfilled if organizations continuously invest in their employee’s career and skills development. By assessing existing IT and security training programs, organizations can finally begin to empower their employees to scale their current skills and ultimately, their careers,” he said.
Read more: How CISOs Can Address Cybersecurity Challenges of COVID-19
While there has also been greater industry collaboration and more acquisitions in the cyber security space, there’s a lot more organization can do on an ongoing basis to mitigate the cyber security skills gap. An interest from top management – and not just the IT team – to share data and training resources whenever possible can be a simple yet effective way to make individuals aware of the importance of cyber security.
As cybersecurity trainer Vijay Upadhyay said, “Invest in your people. Encourage them to participate in online educational events, and deploy the right technology, like virtual IT labs. Employees are more likely to stick around if they see that the organization is committed to developing their skills; plus, you’ll be able to bring them along in the way that works best for your company.”
The cybersecurity skills gap is about much more than organizations having difficulty filling open positions; it’s an existential threat to the ongoing viability of those organizations, especially with the transition to a remote workforce model, believes Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet.
He sees employee motivation having a significant impact on cybersecurity, as insider threats are often associated with careless or negligent users who make mistakes either because they are trying to save time or because they are not paying attention.
“Organizations can mitigate this risk by offering internal mentorships that are designed to keep employees engaged, helping to improve productivity and keep employees aware of their impact,” he said, stressing on the importance of virtual training opportunities – centering around cybersecurity awareness and accountability – that can also play a critical role in helping employees understand the importance of cyber hygiene.