Cyber Security
People-first. Technology-enabled.

 

Cyber Security Skills Gaps Compounding Vulnerabilities

Adversaries are getting smarter, while the use of cloud and SaaS-based systems is making the protection of data even more complex. Additionally, ‘zero-day’ attacks are creating data breaches at alarming rates across an unprepared, global marketplace. These large-scale breaches continue to erode consumer and investor confidence, and the threat appears to be worsening, as reported threats to critical infrastructure industries, including energy, finance and transportation, can have profound national security implications. To make matters even more difficult, organisations struggle to find the talent to address their cyber security vulnerabilities, given the predicted shortage of 1.8 million cyber personnel in 2022, according to Frost & Sullivan.

Invest in a Culture of Cyber Security Responsibility

One of the greatest concerns of public and private sector leaders in an age of system vulnerability is Trust. Trust is at the center of most transactions; without it, commerce comes to a halt. As a result, a people-first, technology-enabled approach to mitigating cyber security vulnerabilities is a growing trend to protect this critical nucleus of commerce. Major General Dale Meyerrose – first Presidentially-appointed, Senate-confirmed CIO for ODNI – succinctly stated, “Cyber Security is what you do – not something that you buy.” Many organisations are now infusing the responsibility of security awareness and critical thinking into the non-technical culture of the organisation – business, marketing, finance, accounting, human resources and operations. A first step in this cultural transition is asking the right questions.

 


TOP 10 Questions to Cultivate Enterprise-wide Cyber Security Responsibility

Organisational leaders seeking to improve collaboration, accelerate organisational agility and foster a creative, problem-solving mindset should consider the following questions:

  1. Do all employees have a concise and consistent understanding of how our organisation views and manages security of our property, systems and data?
  2. Have all employees’ job functions been modified to include security awareness?
  3. Are employees asking themselves and their colleagues prior to every action – “Could this current action create a vulnerability for myself, my network or my organisation?”
  4. Are proactive discussions of system and data security included in all business decisions?
  5. Do customer-facing employees fully recognize the importance and sensitivity of our customer data, and its proper storage, protection and retrieval?
  6. Is there a defined, cross-departmental triage plan when a cyber event (breach) occurs?
  7. Are employees proactively and reactively reporting system and data vulnerabilities to a dedicated organisational resource or team? Are there incentives to do so?
  8. Do employees feel confident about their own capabilities to help mitigate vulnerabilities? If not, do they have ease of access to professionals with the required expertise?
  9. Are employees, and our support personnel, routinely briefed on the threats, and their frequency, to our organisation and its assets?
  10. Is the organisation encouraging enterprise-wide collaboration, communication and critical thinking on system and data protection? How are these skills being developed?

Enabling Responsibility within the Workforce

If the above top 10 questions have highlighted vulnerabilities, here’s how you can enable security responsibility within your workforce. Enabling responsibility across the entire enterprise starts with creating broad and relevant awareness. Extending the responsibility of system and data protection outside of IT and into the primary department functions of an organisation increases threat awareness, institutional integrity and personal reliability. Achieving sustainable results in this action requires a formal commitment across all People in the organisation, supported by Process and Technology.

Learning Tree International has identified five critical actions to enable enterprise-wide responsibility across any public or private sector workforce.

Develop Cyber Hygiene

The National Security Agency (NSA) identified Cyber Hygiene as a substantial priority for any organisation, as several of the network and data breaches on record could have been prevented with basic cyber hygiene. According to Forbes, cyber hygiene disciplines occur over three phases – planning, execution and check. These disciplines include, but are not limited to, hardening techniques, patching, network segmentation, and the security of both protocols and authentication credentials. This effort is a continuous process, as adversaries are always innovating.

Adopt NIST & NICE Cyber Security Frameworks

The National Institute of Standards and Technology (NIST) – an agency of the Department of Commerce – has released one of the most comprehensive and widely adopted frameworks, which provides guidance in assessing organisational maturity across five functional areas for cyber security – Identify, Protect, Detect, Respond and Recover. Furthermore, the National Initiative for Cyber Security Education (NICE) established a framework identifying common cyber security functions, specialty areas and job roles, highlighting the knowledge, skills and abilities needed to effectively protect organisational assets. See the presentation below for more detail on Learning Tree’s course offerings to advance knowledge and skills across the cyber security roles defined in the NICE framework.

Establish Risk Management Posture

The biggest risks to protecting information and information systems in modern business operations are untrained employees and corrupt inside actors. Modern cyber security strategies now employ an enterprise-wide risk management posture across the entire organisation, rather than isolating this strategy within IT. As part of this posture, organisational leaders continually consult with internal and external cyber security experts to review their human capital talent and critical thinking capabilities, business processes, system design, access management and the policies and safeguards governing organisational assets.

Build a Multidisciplinary Program

To combat the forces of threat actors attempting to penetrate your systems and steal your data, an organisation must create an adaptive environment in which the workforce no longer operates in silos, but rather as multidisciplinary, agile teams. Job functions and the roles associated with them must be able to rapidly adjust for the variable influences on their responsibilities. Further, the workforce needs the flexibility of rapidly developing and integrating new skills and capabilities, as the cyber landscape continues to evolve.

Continuous Recruitment & Retention Process

Given the war for cyber talent, HR and Employee Development departments must establish a revised and continuous strategy for attracting and retaining these key hires. Department leaders must encourage more enterprise-wide adoption of security awareness so as not to overly burden dedicated security personnel. HR professionals must also seek individuals who have the innate skills, but not necessarily the technical degrees, and develop those individuals to help address the cyber skills gap.

 

Defend Your Organisation from Cyber Threats with Cyber Security Training — Aligned with the NICE Framework

Explore our interactive Cyber Security Training Framework below:

 


 

October is Cyber Security Awareness Month! #CyberSecMonth

In recognition of Europe’s Cyber Security Awareness Month – STOP. THINK. CONNECT.*, Learning Tree offers you complimentary cyber resources to help apply best practices and adopt a proactive posture in your organisation and in your life.

WEEK 1: Practice Basic Cyber Hygiene

FREE TRAINING: Free MOOC Security Training

WEBINAR: Privacy and Security Go Hand in Hand

REPORT: Market Trends Cyber Report

EVENT: Cyber Security for Management & The Boardroom

BLOG: How Social Media Posts Can Lead to Identity Theft

BLOG: No More Signatures! Am I Still Safe?

BLOG: Lock The Door: Securing Your Home or Small Business Router

WEEK 2: Expand your Digital Skills and Education

INFOGRAPHIC: State of the Cyber Workforce 2018

LEARNING PATHS: CompTIA Cyber Security Career Pathway – with Stackable Certification Bundles

BLOG: Cyber Security Is Not Just For Computer Nerds

BLOG: Manage Expectations to More Easily Pass Certification Exams

BLOG: When Two-factor Authentication Goes Wrong

BROCHURE: Defend Your Organisation From Cyber Threats

WEEK 3: Recognise Cyber Scams

BLOG: Customer Service: Avoid Falling Victim to Social Engineering

BLOG: HTTPS secures site traffic from eavesdropping, but how much?

BLOG: How to Enter The Cyber Security Field

BLOG: The Seriousness of the Cyber Security Staffing Shortage

SOLUTION BRIEF: Cyber Attacks: The Knowns & Unknowns

SOLUTION BRIEF: Thinking in the Security Context

*https://cybersecuritymonth.eu/

 

How to Implement a People-First Cyber Culture

Contact Learning Tree – a global leader in supporting organisations to gain the right skills, for the right people protecting your organisational assets. We’ll get you in touch with our team of expert cyber consultants who are qualified to listen, learn and support your workforce development needs as a critical component of improving enterprise-wide cyber awareness, responsibility and capabilities.
