A single cyberattack in the U.S. last year cost an average of $8.19 million. With so many workers around the world now working from home, the risk of cyberattacks has only increased. From unreliable home networks to unsecured mobile devices, a remote workplace makes it more important than ever for your organization to have a team of well-trained cybersecurity professionals who can defend the business against cyberattacks and respond adequately if an attack does happen.
If you don’t currently have employees who are trained in cybersecurity, you’re not alone. In a 2019 Center for Strategic & International Studies (CSIS) survey, 82% of employers reported a cybersecurity skills gap, and 71% said that gap “causes direct and measurable damage” to their organizations. Cybersecurity is the most difficult IT job to fill — but all is not lost. You likely already have many talented information technology (IT) professionals who would be willing and able to step up to the plate. All it takes is identifying those professionals and then giving them the skills and tools they need to be successful in a cybersecurity role.
The Right Talent
First, work with your IT team to identify high-performing talent who are interested in cybersecurity. Look for employees who have excelled in their current roles; expressed interest in cybersecurity; and demonstrated key skills such as problem-solving, attention to detail, communication and learning agility.
DLT, a Tech Data company, identifies the following categories of cybersecurity that map directly to IT roles in most enterprises:
- Application security: The safety of applications.
- Configuration management: The secure configuration of devices and applications.
- Contingency planning, redundancy and business continuity: Ensuring that your organization can continue operating if you experience a cyberattack.
- Data security: Including encrypting data, monitoring data flows, and preventing unauthorized persons from accessing and modifying data.
- Endpoint protection: Detecting and neutralizing cyberattacks.
- Governance, risk and compliance: Complying with laws, regulations and policies.
- Identity and access management: Making sure users are who they say they are, have access only to the data they should have access to, and can conveniently and securely access it.
- Incident response and forensics: Both computer and staff responses to intrusions.
- Infrastructure security: The security of the devices and systems that protect your organization’s infrastructure, such as firewalls and email gateways.
- Internet of things security: The security of any devices that are connected to the internet and consuming or providing data, including medical devices, weapons systems, aerospace systems and infrastructure.
- Messaging security: The security of email, other communication platforms and the data they contain.
- System and asset management: Creating an inventory of all assets in need of securing and ensuring that they are secure.
The Right Skills
Work with your IT team to identify team members who have existing skills in these cybersecurity areas. Other skills you’ll need to provide training on include cybersecurity administration, security engineering, and the use of any cybersecurity products or services your company uses or plans on using.
You might also want your team trained in ethical hacking, which looks at cybersecurity problems from a hacker’s perspective in order to prevent cyberattacks from happening. Ethical hacking training uses real-life scenarios to help learners understand how hackers operate and then teaches them how to use that knowledge to make their organizations more secure.
The Right Training
There are many modalities to choose from when it comes to cybersecurity training. Instructor-led training is effective because learners have a scheduled time to be present and can learn directly from a live instructor, who facilitates labs and answers questions. Of course, in response to many organizations’ current work-from-home policies, most training programs are now virtual. Fortunately, many training providers also offer effective virtual instructor-led training sessions. The savings in both cost and time make virtual training a popular modality for cybersecurity training.
Self-paced eLearning is also an option. With this modality, learners have access to the same curriculum they’d have in person and can learn on their own schedule and time frame — but without the live instructor and labs. Some online learning providers offer online forums and access to virtual “office hours,” so if you are going with eLearning, look for a vendor with these additional valuable services so that your learners can easily ask questions and receive more support as they proceed through a course.
While employees are beginning to return to the office, working from home is not going away, and neither is the risk associated with having employees working remotely. By reskilling current IT talent for cybersecurity roles, you can give them an entry into an exciting new career and protect your organization, all at the same time.