Menu
Live Chat
Contact Us
Scheduling Tool
888-843-8733

Cybersecurity
People-first. Technology-enabled.

Home Business Solutions Cybersecurity

 

Cybersecurity Skills Gaps Compounding Vulnerabilities

The adversaries are getting smarter, while the use of cloud and SAAS-based systems are making protection of data even that more complex.  Additionally, ‘zero-day’ attacks are creating data breaches at alarming rates across an unprepared, global marketplace. These large-scale breaches continue to erode consumer and investor confidence and the threat appears to be worsening, as reports of threats to critical infrastructure industries, including energy, finance, and transportation can have profound national security implications.  And to make matters even more difficult, organizations struggle with having the talent to address their cyber security vulnerabilities, given the 1.8 million in predicted shortage of cyber personnel in 2022, according to Frost & Sullivan.

Invest in a Culture of Cybersecurity Responsibility

One of the greatest concerns of public and private sector leaders in an age of system vulnerability is Trust. Trust is at the center of most transactions; without it, commerce comes to a halt. As a result, a people-first, technology-enabled, approach to mitigating cybersecurity vulnerabilities is a growing trend to protect this critical nucleus of commerce. Major General Dale Meyerrose – first Presidentially-appointed, Senate-confirmed CIO for ODNI – succinctly stated, “Cybersecurity is what you do – not something that you buy.” Many organizations are now infusing the responsibility of security awareness and critical thinking into the non-technical culture of the organization – business, marketing, finance, accounting, human resources and operations. A first step in this cultural transition is asking the right questions.

 

OCTOBER - NATIONAL CYBERSECURITY MONTH:
Complimentary Resources

WEEK 3 FEATURED RESOURCE:

The 5 Trademarks of Agile Organizations

Social Engineering –
Perspective from the Frontlines
“…an important topic to discuss as these threats are targeting all levels of companies and customer service employees are on the list! Hackers prey on customer service employees knowing they will go above and beyond to support the client…”

Read Guest Blog ›

TOP 10 Questions
to Cultivate Enterprise-wide Cybersecurity Responsibility –

Organizational leaders seeking to improve collaboration, accelerate organizational agility and foster a creative, problem-solving mindset, should consider the following initiatives –

  1. Do all employees have a concise and consistent understanding of how our organization views and manages security of our property, systems and data?
  1. Have all employees’ job function been modified to included security awareness?
  1. Are employees asking themselves and their colleagues prior to every action – “Could this current action create a vulnerability for myself, my network or my organization?”
  1. Are proactive discussions of system and data security included in all business decisions?
  1. Do customer-facing employees fully recognize the importance and sensitivity of our customer data, and its proper storage, protection and retrieval?
  1. Is there a defined, cross-departmental triage plan when a cyber event (breach) occurs?
  1. Are employees proactively and reactively reporting system and data vulnerabilities to a dedicated, organizational resource, or team? Are there incentives to do so?
  1. Do employees feel confident about their own capabilities to help mitigate vulnerabilities? If not, do they have ease of access to professionals with the required expertise?
  1. Are employees, and our support personnel, routinely briefed on the threats, and their frequency, to our organization and its assets?
  1. Is the organization encouraging enterprise-wide collaboration, communication and critical thinking on system and data protection? How are these skills being developed?

Enabling Responsibility within the Workforce

If the above top 10 questions have highlighted vulnerarabilities, here’s how you can enable security responsibility within your workforce. Enabling responsibility across the entire enterprise starts with creating broad and relevant awareness. Extending the responsibility of system and data protection outside of IT and into the primary department functions of an organization increases threat awareness, institutional integrity and personal reliability. Achieving sustainable results in this action requires a formal commitment across all People in the organization, supported by Process and Technology.

Learning Tree International has identified five critical actions to enable enterprise-wide responsibility across any public or private sector workforce.

Develop Cyber Hygiene

The National Security Agency (NSA) identified Cyber Hygiene as a substantial priority for any organization, as several of the network and data breaches on record could have been prevented with basic cyber hygiene. According to Forbes, cyber hygiene disciplines occur over three phases – planning, execution and check. These disciplines include, but not limited to, hardening techniques, patching, network segmentation, security of both protocols and authentication credentials. This effort is a continuous process as adversaries are always innovating.

Adopt NIST & NICE Cybersecurity Frameworks

The National Institute of Standards and Technology (NIST) – an agency of the Department of Commerce – has released one of the most comprehensive, and widely adopted, frameworks that provides guidance in assessing organizational maturity across five functional areas for cybersecurity – Identify, Protect, Detect, Respond and Recover. Furthermore, the National Initiative for Cybersecurity Education (NICE) established a framework identifying common cybersecurity functions, specialty areas and job roles; highlighting the knowledge, skills and abilities to effectively protect organizational assets.  See the presentation below for more detail on Learning Tree’s course offerings to advance knowledge and skills across the cybersecurity roles defined in the NICE framework.

Establish Risk Management Posture

The biggest risk to protecting information and information systems in modern business operations are untrained employees and corrupt inside actors. Modern cybersecurity strategies now employ an enterprise-wide risk management posture across the entire organization, rather than isolating this strategy within IT. As part of this posture, organizational leaders continually consult with internal and external cybersecurity experts to review their human capital talent and critical thinking capabilities, business processes, system design, access management and the policies and safeguards governing organizational assets.

Build a Multidisciplinary Program

To combat the forces of threat actors attempting to penetrate your systems and steal your data, an organization must create an adaptive environment in which the workforce must no longer operate in silos, but rather as multidisciplinary, agile teams.  Job functions and the roles associated with them must be able to rapidly adjust for the variable influences on their responsibilities.  Further, the workforce needs the flexibility of rapidly developing and integrating new skills and capabilities, as the cyber landscape continues to evolve.

Continuous Recruitment & Retention Process

Given the war for cyber talent, HR and Employee Development departments must establish a revised and continuous strategy for attracting and retaining these key hires. Department leaders must encourage more enterprise-wide adoption of security awareness to not overly burden dedicated security personnel. Also, HR professionals must also seek individuals that have the innate skills, but not necessary the technical degrees, and develop those individuals to help address the cyber skills gap.

 

Defend Your Organization from Cyber Threats with Cybersecurity Training — Aligned with the NICE Framework

Explore our interactive Cybersecurity Training Framework below:

 

NOTE: Prezi presentations are best viewed with the latest versions of Safari, Firefox, Chrome, and Edge. Please make sure your browser's pop-up blocker is turned off. Trouble viewing the presentation? View the PDF ›

 

October is Cybersecurity Awareness Month! #CyberAware

In recognition of the 15th annual National Cybersecurity Awareness Month - NCASM* recognized throughout North America, Learning Tree offers you complimentary cyber resources to help apply best practices and adopt a proactive posture in your organization and in your life.

WEEK 1: Make Your Home a Haven for Online Safety

FREE TRAINING:
Free MOOC Security Training

Learn More ›

WEBINAR:
Privacy and Security Go Hand in Hand

View Details and Register ›

REPORT:
Market Trends Cyber Report

View Report ›

EVENT:
Cyber Security for Management & The Boardroom

View Details ›

BLOG:
How Social Media Posts Can Lead to Identity Theft

View Blog ›

BLOG:
No More Signatures! Am I Still Safe?

View Blog ›

BLOG:
Lock The Door: Securing Your Home or Small Business Router

View Blog ›

WEEK 2: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity

INFOGRAPHIC:
State of the Cyber Workforce 2018

View Infographic ›

LEARNING PATHS:
CompTIA Cybersecurity Career Pathway – with Stackable Certification Bundles

View Learning Paths ›

BLOG:
Cyber Security Is Not Just For Computer Nerds

View Blog ›

BLOG:
Manage Expectations to More Easily Pass Certification Exams

View Blog ›

BLOG:
When Two-factor Authentication Goes Wrong

View Blog ›

BROCHURE:
Defend Your Organization From Cyber Threats

View Brochure ›

WEEK 3: It’s Everyone’s Job to Ensure Online Safety at Work

BLOG:
Customer Service: Avoid Falling Victim to Social Engineering

View Blog ›

BLOG:
HTTPS secures site traffic from eavesdropping, but how much?

View Blog ›

BLOG:
How to Enter The Cybersecurity Field

View Blog ›

BLOG:
The Seriousness of the Cybersecurity Staffing Shortage

View Blog ›

SOLUTION BRIEF:
Cyber Attacks: The Knowns & Unknowns

View Solution Brief ›

SOLUTION BRIEF:
Thinking in the Security Context

View Solution Brief ›

*https://www.dhs.gov/national-cyber-security-awareness-month

 

How to Implement a People-First Cyber Culture

Contact Learning Tree – a global leader in supporting organizations to gain the right skills, for the right people protecting your organizational assets. We’ll get you in touch with our team of expert cyber consultants who are qualified to listen, learn and support your workforce development needs as a critical component of improving enterprise-wide cyber awareness, responsibility and capabilities.

1-888-843-8733

Live Chat

Preferred method of contact?


Chat Now

Please Choose a Language

Canada - English

Canada - Français