As suspected, cybercriminals wasted no time capitalizing on the COVID-19 pandemic and a fresh crop of remote workers. In their chaotic exodus away from the office, enterprises were equally frenzied trying to fortify cloud infrastructure to support their new remote workers.
But moving to the cloud too quickly can cause an organization to overlook best practices, leading to increased vulnerabilities. Further, the many employees working from home with lax or outdated security can offer a pathway to company servers for malware or data theft. In fact, Carbon Black reported a 148% increase in ransomware attacks between February and March 2020.
Just like with the coronavirus, to reduce the risk of a cyberattack, workforces need to remain vigilant, with their guard up at all times. But knowing what to do against unseen foes isn’t common knowledge; it requires training.
The old way of teaching cybersecurity would involve sending teams to user conferences or seminars or engaging in group training exercises. In this day and age, that method is not possible anymore — which could be a good thing.
A Two-pronged Approach
In order for a company to better mitigate cyber-risk, two groups of people require two different sets of knowledge. Firstly, non-information technology (IT) employees need training on how to be cyber-vigilant at home and keep themselves from becoming a conduit for hackers to reach the corporate network. While this training has always been a chief concern, it’s even more so now because of the prevalence of home security weaknesses.
Secondly, IT teams need to be trained on the complex cybersecurity solutions organizations are trusting to defend networks, especially if they include a slew of recent purchases aimed at bolstering security. If a company just completed a quick cloud migration, the IT team will also need training on how to manage the always-changing and autoscaling nature of the cloud in order to close vulnerabilities.
Teaching Vigilance and Security Posture
A 2018 report by Shred-it notes that employee negligence is among the biggest cyber-risks to a business, making education and awareness critical. Lately, phishing attacks — the preferred delivery method for ransomware — have seen a sharp rise among remote workers.
To reduce risk, companies must invest in training their employees to spot a threat and react appropriately. Since IT can no longer summon everyone to a day of training in the conference or lunch room, virtual IT labs can bridge the gap and deliver a richer, hands-on training experience that mirrors real-world situations and networks.
One of the most effective ways of learning a new skill is by actually experiencing it. Empowered by the reach of the cloud, IT labs can offer insightful demos and provide the ability for learners to train and “play” in realistic environments that are familiar to them, without the risk of breaking any real programs and under the watchful eye of an instructor.
Any training solution an organization uses for cybersecurity training must also be able to support multiple learning scenarios. For example, some employees will prefer a self-paced module, allowing them to complete training when and where it’s most convenient. Others will prefer real-time instructor-led training (ILT), which is useful for dealing with complex issues and new threats. A virtual IT lab should support both.
Learning the Latest Software
IT teams must make the most of their cybersecurity software investments. If a company recently made a migration to a cloud provider to increase business efficiency, its IT team is responsible for configurating their environment, which is a complex undertaking. Regardless, any organization needs to bring its IT team up to speed — a practice that must continue as new threats arise and security updates are required.
With software vendors and service providers no longer able to conduct user conferences or offer in-person training, the ability to reach customers anywhere and offer a rich, effective learning experience has become critical. The same capabilities that can teach employees to straighten their security posture can deliver robust, technical training to customer IT administrators, allowing them to practice in cybersecurity labs and sandboxes identical to their actual network. This approach makes simulations and “war games” even more realistic.
Virtual instructor led training (VILT) further enables learners to directly interact with trainers, and with the right system, instructors can monitor learner progress and jump in via chat when they spot someone in need of assistance.
Invest in Knowledge
Reducing risk in today’s threat landscape requires constant attention and vigilance — from everyone. It’s not enough to have the latest technology guarding a network infrastructure and reducing the attack surface. Having the knowledge and experience to work securely and effectively within the network is the other half of the equation.
Gaining that knowledge and experience requires training and is the wisest, most cost-effective investment a company can make. After all, it only takes a single, simple lapse in judgment to land a company in the headlines because of a cyberattack.