Why developing an internal cybersecurity culture is essential for organizations

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, […]

Are bad analogies killing your security training program?

Security training and awareness campaigns too often fail to change user behavior in any meaningful way, putting both the user and the organization at risk. The solution, experts say, is better security analogies. Information security is an abstract and unintuitive discipline that frustrates and baffles non-technical humans. Attempts to train lay audiences in security best […]

Research suggests cybersecurity skills shortage is getting worse

Each year, ESG does an annual global survey on the state of IT — the business value of IT, new IT initiatives, areas of concern, etc. This year’s research is based upon a survey of 620 IT and cybersecurity professional across all industries, with respondents working in North America and Western Europe. ESG asks respondents […]

New Year’s resolutions for CISOs

Most people have a few New Year’s resolutions — lose some weight, exercise more, spend more time with the family, etc. Based upon ESG research and many discussions with cybersecurity professionals, security leaders must move closer to the business, improve staff productivity and modernize security technology infrastructure in the next year. Read the full list […]

Cybersecurity past to predict the future

As part of the recently published research report from ESG and the information systems security association (ISSA) titled, The Life and Times of Cybersecurity Professionals, 343 infosec pros were asked to identify the cybersecurity actions their organizations have taken over the past few years. Read the list of top responses by infosec pros about their organizations’ cybersecurity past, […]

Why Hackers Are in Such High Demand, and How They’re Affecting Business Culture

News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways. White hat hackers (as opposed to black hats) increasingly are finding employment in companies as security researchers. From conducting penetration […]

8 Steps for Building an IT Security Career Path Program

Cybersecurity professionals are in steep demand, given the projected shortfall of 1.8 million workers by 2022. But organizations can both retain their coveted cybersecurity team members so they don’t get hired away, as well as attract new talent amid competing job offers – by creating a career path program. A majority of companies don’t provide such a […]

Automation Could Be Widening the Cybersecurity Skills Gap

According to Cybersecurity Ventures, the cybersecurity skills shortage is now expected to hit 3.5 million positions by 2021 — a huge jump from current estimates of 1 million job openings. To help compensate for the growing shortage of talent, the cybersecurity industry is embracing artificial intelligence and automation to fill the gap. Read why Gary Golomb, Co-Founder & […]

5 Reasons the Cybersecurity Labor Shortfall Won’t End Soon

Cybersecurity Ventures predicts there will be 3.5 million unfilled jobs by 2021, up from 1 million at the end of 2013. With a growing awareness of the cybersecurity workforce shortage, why is the problem getting worse each year? Read about the 5 main reasons why the cybersecurity labor shortfall won’t end soon according to Steve Morgan, the founder and […]

Companies turn to ‘war games’ to seek out cyber security talent

A major shipping company is under attack. With help from a corrupt executive, an international hacking syndicate called Scorpius, has penetrated the computer networks of Fast Freight Ltd. The hackers have taken control of servers and compromised the systems that control Fast Freight’s vessels and its portside machinery. Read how companies are using war games to seek […]