If you’re having a tough time finding skilled candidates for cybersecurity positions, you’re far from alone. Analysts at ESG and the Information Systems Security Association (ESG/ISSA) estimate 70% of organizations have felt the pinch of talent shortages. A survey by The Center for Cyber Safety and Education (CCSE) noted there’s a global shortfall of 3 million skilled personnel, leading nearly 60% of respondents to say their organizations are at moderate to extreme risk as a result.
At the same time, there continues to be an uptick in cyberattacks and data leaks. Risk Based Security reported the first six months of 2019 saw more than a 50% increase in breaches. Yet, further research by ESG/ISSA showed while skill shortages are “exacerbating the number of data breaches,” close to two-thirds of organizations don’t provide training to counter risks. And Ponemon Institute’s 2018 Cost of a Data Breach Study noted training is one of the best ways to lower the financial toll of a data breach.
It’s widely acknowledged that if a company hasn’t been the target of cybercrime, it’s only a matter of time. That said, the following four Es – education, efficiency, embracing and engagement – can help training and IT leaders better handle the growing cybersecurity skills gap within their organizations.
Human error – mistakes made by employees – continues to be the leading culprit when it comes to introducing breaches. Though phishing attacks have been decreasing over the past five years, the 2019 Verizon Data Breach Investigation Report shows they still accounted for 32% of breaches.
Cyber-awareness training for employees has been effective in reducing such instances, and the fewer mistakes made, the better – so this should continue to be a priority. But education is for everyone, bottom to top, and don’t assume the C-suite is versed in security.
In fact, the CCSE study found cybersecurity job requirements aren’t always understood by leadership. And when non-technical execs rule IT budgets – but don’t fully understand what is needed for effective cybersecurity – a talent shortage can become much worse.
Companies that fall short on training often do so because of a perception it’s too complex, time-consuming and costly. Not only is this untrue, any expense would pale to a ruined corporate reputation, mass customer departures and fines. Employee and cybersecurity training not only reduces the likelihood of that happening, there’s greater cost-efficiencies to be realized.
For a global organization, flying a cybersecurity team in for face-to-face skill development, or to work with IT or human resources (HR) on employee training, takes key personnel away from defenses – and delays can make the impact of a breach even worse. It’s also costly to accommodate travel and related expenses, a tab that grows exponentially if repeated sessions are needed, and the increase to logistics like scheduling, course delivery and design can exhaust the very people you’re trying to retain.
The trick is to harness the cloud, and when coupled with the right platform and virtual IT labs, training becomes simpler, more efficient and powerful. Wherever employees and cyber teams are located, regardless of scale, you can bring everyone together in moments, supplied with course materials and even virtual trainers. There’s no travel expense, and because time is saved – especially by repurposing training modules and automating tasks – you can do more with less and avoid staff burn out.
Embrace and optimize
Beyond embracing the cloud, you need to find a provider that can handle the specialized environments required for real-world, hands-on training, accompanied by a platform for creation and management of programs.
If your company uses a large commodity cloud provider like Google, AWS or Azure, be sure a specialty provider can easily integrate with them.
The reason is, you’ll need to upload very complex software; doing so with a generic public cloud is difficult and time-consuming. You’ll also want to use the purpose-built tools of a specialty provider to automate tasks, simplify setup, create training content, manage programs and more.
And, of course, you want to be able to fully optimize your training resources.
A “practice by doing” method that entails a hands-on experience is one of the most engaging and effective ways to learn. That’s why gamification is popular in training. It blends the fun factor of competitive computing and allows the use of real-world software tools.
A hands-on staple used by government and military agencies are cyber ranges. These enable incident response in sandboxed lab environments, so a cybersecurity team can face real-world threats and counter attack with proven tactics and policies without risk to infrastructure.
This type of approach can retain cybersecurity talent by enabling personnel to keep their skills sharp. And, if you can offer accreditation with this training – or partner with organizations that can – you’ll increase loyalty, deepen your skill bench and even attract candidates.
Many IT and cybersecurity leaders hesitate to conduct such initiatives, fearing employees will use their new credentials to secure more lucrative positions elsewhere. That’s a fact of life, regardless. However, employees appreciate companies that care about their growth and put them on a defined career path. It gives them greater job satisfaction, a sense of security, increases personal engagement and builds skills.
All of which are good reasons to stick around.
Cheaper to keep ‘em
The 2019 World Economic Forum report named cyber threats the fourth greatest risk to global economies, just behind such things as natural disasters and climate change. There’s a lot more to do today in security and much greater competition for cyber talent, so it’s important to invest in your people with training and technology.
That said, share training resources when possible. Some partners open up training to those outside their company; take advantage of this and do the same. This could also introduce you to some new faces and fresh skills, while at the same time building greater loyalty to your brand.
Further, deploy the right technology, like virtual IT labs. Talent is more likely to stick around when they have access to powerful tools, plus you can bring them along in ways that work best for your company. With the right technology, your team will also be able to accomplish a lot more with less. This not only increases cost-efficiency, you’ll keep employees from burning out.
Gamification is popular in #cybersecurity training as it blends the fun factor of competitive computing and allows the use of real-world software tools. #respectdata Click to Tweet
Remember, you need skilled cyber talent to overcome shortages. Isn’t cultivating what you have a lot cheaper, faster and less risky than starting from scratch?