The C-suite has a new and immensely important addition. Now, sitting right next to the CEO’s, COO’s and CFO’s is a C-level executive. The Chief Information Security Officer or CISO’s mission is to deal with cyber security conditions. The corporate position is becoming vital in the corporate world because we face an age of Ransomware, Malware and other vulnerabilities that proliferate on the net.
What Is The Situation?
Criminals and other cyber thieves don’t need blow torches and nitro to pull off a heist anymore. They need and have an arsenal of cyber burglary tools to do it for them.
How Do They Get in So Easily?
People are the weakest link in your chain of cyber threat defense. As such, CISOs know they need to keep their eyes and attention on employees who may inadvertently or intentionally open the door to allow access by unauthorized users.
The big questions that must be asked are: do your employees have the skills to recognize and combat cyber threats and cybersecurity issues? Are you making sure they have the training and the knowledge to stand up to the ever inventive cyber criminals? And are you – as a company – seeking out and securing the services of people with the skills and talents needed to be a line of defense?
A recent research study by ESG and ISSA revealed that 96% said that professionals in cyber-security need to keep their skills on high alert because cyber-foes spend all their time finding new and inventive ways to breach your security.
Unfortunately, even knowing that, organizations repeatedly fall behind when it comes to training. That can be because of perceived high costs, or too little time or other excuses. But as a reminder, the costs of putting things back together and salvaging your company’s reputation will be far greater.
Cyber professionals stated unequivocally that they want more resources to help in the fight. Undergraduate programs don’t teach much of that. For instance, a 2017 study reported that not one of the top 10 computer science programs in the U.S. require it and less that 25% of cyber threat and security professionals believe that their education gave them the skills needed in the real world, with real threats and real professionals working against them.
Because of that, CISO’s may have to do the training themselves or create in-house programs that will do so. And that training needs to include non-tech employees as they are often the portal in by downloading malicious files, opening dangerous links or becoming the victim of a Phishing trip.
So, What to Do?
Make education tools available to all your staff. Create simulations and teach your staff how to react. Use all opportunities to incentivize the use and learning of new skills.
These can and should include:
- Fundamental security online or on-demand courses.
- Programs administered by accredited resources.
- Vendor training so your suppliers know a safe and secure way into your systems.
- Cyber-security classes, events and simulations. Training labs virtual or actual.
A Word about Virtual Training Labs
They are cost-effective solutions for both new and existing employees teaching safeguards to cyber vulnerability and should have the support of all upper management. Cyber-security should dominate the first days of an employees training and keep being reinforced and updated as new challenges arise.
In the end, it’s more about people than it is about technology, so people are where your defense program must begin.
If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.
Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.