By Okey Obudulu
In today’s tech-driven world, where businesses heavily rely on technology, the need for a robust cybersecurity framework cannot be emphasized enough, especially as breaches occur more frequently.
Fortinet’s 2023 Cybersecurity Skills Gap Report shows data breaches jumped 80% from 2021 to 2022, with 84% of survey respondents incurring at least one incident. Further, the number of organizations experiencing five or more jumped by more than 50% during the same time period.
Threats and breaches aren’t only becoming more frequent but more costly too. IBM’s Cost of a Data Breach Report shows that the average breach costs businesses $4.45 million. Additionally, Verizon reports that three-quarters of breaches are due to a human element, which includes social engineering attacks, errors or misuse. This means that whether accidentally or negligently, employees’ lack of awareness or skills plays a role in cyber risk.
Cybersecurity training plays a vital role in safeguarding organizations. However, training efforts often fall short due to outdated content, lack of engagement, and failure to meet employees’ needs and preferences. Organizations remain at risk if even a single member lacks adequate training, emphasizing the importance of accessible and engaging training programs.
So, how can organizations encourage learning about cybersecurity and foster a culture of security to safeguard their network, sensitive data, and customer information?
- Embrace regular, personalized training: Effective training contributes to improving security training which in turn translates into improved security posture. While the workload often poses a challenge, leaders in cybersecurity are acknowledging the importance of making time for training. By demonstrating its value, organizations can encourage their employees to actively participate. Providing diverse training modalities, including books, on-demand courses, and instructor-led sessions, ensures that employees can engage with the material in ways that suit their preferences.
- Foster alignment between security teams and workforce: Enhancing communication channels between security teams and the wider workforce is paramount. Transparency and visibility into security efforts build trust and encourage collaboration. Regular security awareness communication and internal initiatives can bridge the gap, fostering a sense of partnership in safeguarding the organization.
- Stay vigilant about organizational trends: Understanding the evolving landscape of potential threats is crucial. Cybersecurity professionals need to regularly assess their organization’s attack surface, identify vulnerabilities, and develop contingency plans. Keeping documentation updated and accessible ensures a prompt response when attacks occur, minimizing potential damage.
- Collaborate with partners and customers: Engaging with external stakeholders, including partners and customers, is an extension of internal efforts. By sharing insights, strategies, and emerging threats, organizations can create a cohesive and vigilant cyber-aware community. Education and open communication lay the foundation for mutual support, fostering a collective effort in combating cyber threats.
- Focus on relevant metrics: Evaluating the effectiveness of training programs is crucial. Having relevant metrics that track utilization, course completions, skills development and more can help demonstrate progress. These metrics not only influence strategy for ongoing education and empowerment of employees but also serve as a basis for assessing the success of cybersecurity training initiatives.
(The author is Okey Obudulu, CISO, Skillsoft, and the views expressed in this article are his own)
