October is National Cybersecurity Awareness Month. With the cost of cybercrime projected to hit $2 trillion in fewer than three years, it’s easy to see why an entire month could be dedicated to the topic. Training professionals are the key to increasing vital skills in an organization, and cybersecurity skills are no exception.
At TrainingIndustry.com, we are observing National Cybersecurity Awareness Month with a series of articles dedicated to the topic of cybersecurity training.
A survey conducted earlier this year found that 43 percent of organizations offer only one basic cybersecurity training course, and only 11 percent measure the success of their cybersecurity training programs by the actual reduction of unsecure behaviors. Moreover, 70 percent have insufficient in-house expertise to reduce risks, and almost half have insufficient funding to implement cybersecurity training.
Another recent survey explored the global cybersecurity skills shortage. In this study, 82 percent of respondents report a shortage of cybersecurity skills, which according to most respondents “does direct and measurable damage,” including making their organizations a target for hackers. The report makes several recommendations, including:
- Accept non-traditional education for entry-level cybersecurity jobs, focusing on professional certifications and practical experience.
- Expand the cybersecurity talent pool by diversifying the workforce.
- Invest in cybersecurity training to enhance skills and retain talent.
- Develop skills to work with increasingly automated security processes.
- Develop a standard of cybersecurity skills that applies across industries.
It’s not just important to train cybersecurity staff, however. From human error to cyber criminals hiding inside organizations, the biggest cybersecurity threat to any company is its people. It’s crucial, therefore, to educate all employees on best practices to protect themselves and the organization. In fact, training – of both IT employees and others – has the biggest impact of any solution on the per capita cost of cyber breaches.
Additional research conducted this year focused on the relationship between “the human element” and security breaches. Across the enterprise, organizations that had recently experienced a significant data breach were rated more poorly by employees in the amount of training provided for their various roles. Researchers believe that creating a consistent, continuous learning environment is key to reducing the risk of cybercrime.
As criminals focus more on tricking people into enabling cybercrime than on using technology alone to hack organizations, it’s increasingly important to train employees to identify and avoid potential risks. What is phishing? How does the company protect confidential information? How should employees protect data when working outside the office? Do employees log on to social media accounts at work, and what do they share on those accounts? Which data is considered “sensitive,” and which isn’t? Employees need to know the answers to these questions to protect themselves and their organizations.
Training professionals must be on the frontline protecting their businesses from cybercrime. By creating a continuous learning environment, providing ongoing cybersecurity skills training to IT professionals and awareness training to all employees, and making cybersecurity a priority, training organizations can help reduce risk and protect the enterprise from costly hacks.
Visit TrainingIndustry.com throughout the month of October for insight and tips on how you, as a training professional, can help protect your organization.