Tag: Skill Development

(ISC)²: Global Cybersecurity Workforce Short 3 Million People

The global shortage of cybersecurity experts has reached 2.93 million, posing a growing risk to businesses worldwide struggling to find, hire, and retain skilled employees to maximize their defenses.

According to the new (ISC)² 2018 Cybersecurity Workforce Study published today, the shortage is greatest in Asia Pacific, which lacks 2.14M security workers, followed by North America (498K), Europe, the Middle East, and Africa (142K), and Latin America (136K). Researchers calculated the percentage of businesses with open roles, businesses’ estimated growth and future hiring needs, and estimates of entrants into the security field to come up with the numbers.

Read more about the findings of the new (ISC)² study on DarkReading.

Even with internal focus, most companies utilize external resources for cybersecurity

A greater reliance on metrics to measure success combined with enhancing skills across security teams can help organizations boost their cybersecurity effectiveness, according to a new report by CompTIA.

“Though just one in five organizations makes heavy use of metrics within their security function, a full 50 percent of firms are moderate users of these measurements,” said Seth Robinson, senior director for technology analysis at CompTIA. Robinson advised that the most important guideline for establishing security metrics is to make sure that all aspects of security are covered.

Read more about the findings of the new report on Help Net Security.

10 Tactics For Teaching Cybersecurity Best Practices To Your Whole Company

Smart leaders know that their entire team needs to be well-educated on the importance and best practices of cybersecurity if they hope to protect their data. Unfortunately, this is easier said than done, especially when it comes to training your non-tech employees. Using too much jargon and technical terms will only disengage them, leaving them less prepared and less vigilant.

While you don’t necessarily need to “dumb down” cybersecurity training for non-techies, you do need to present the information in a way that’s relatable and easy to understand.

Read about 10 tactics you can follow while approaching this task on Forbes.

6 Security Training Hacks to Increase Cyber IQ Org-Wide

Some of security’s toughest nuts to crack are the vulnerabilities introduced by the human element. Users are duped by phishers every day. IT operations staff configure infrastructure insecurely over and over again. Developers repeatedly write code in the same insecure fashion. Executives are tricked by business email compromises into wiring large sums of money directly to crooks. And IT security staff is asked to carry out near impossible feats of digital protection because they themselves are poorly trained to set up the tools and practices they need to keep up with attackers.

If organizations are going to make a real dent on cyber-risk, they need to start taking security training to the next level.

Read how you can move beyond generic annual awareness training and truly increase cybersecurity IQ across your entire organization, on DarkReading.

2018 State of the Phish Report

Good news on the security awareness training front: Wombat Security (now part of Proofpoint) reports that 95% of companies they surveyed now train end users on how to identify and avoid phishing attacks, up from 86% in 2014.

The State of the Phish Report is based on analysis of data from tens of millions of simulated phishing attacks sent through the Wombat Security Education Platform over a 12-month period.

The data spans 16 industries and thousands of customers, from mid-range to large enterprises. It also includes over 10,000 responses to quarterly surveys of infosec professionals, revealing what organizations are experiencing.

Even more good news: Training has an impact. 54% of security pros said they have been able to quantify reductions in phishing susceptibility based on training, according to Wombat’s “2018 State of the Phish” report. Yet it is impossible to understand where companies still go wrong with their security awareness training.

You can get the 2018 State of the Phish report and many related studies and assessments at our Threat References page.

12 things every IT security professional should know

Few complex professions change with the velocity of IT security. Practitioners are faced with an average of 5,000 to 7,000 new software vulnerabilities a year. That’s like springing 15 new leaks in your defenses every day. That’s on top of the tens of millions of unique malware programs that threaten your IT environment each year.

Amid this deluge of constant threats, a single slip-up could compromise the crown jewels and put your company in an unwanted media spotlight, hurt your revenues, and get people fired.

Read about twelve things every computer security professional should know to successfully fight the good fight, on CSO.

Cyber hygiene training is infrequent and inconsistent

Finn Partners Research released findings from its Cybersecurity at Work study that examined the level of cyber risk that employees pose to their organizations.

The in-depth study, which surveyed 500 full-time office employees across the US, found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. This security slip-up is significant because it can lead to malware being installed on their devices and sensitive corporate data being harvested.

Read more about the findings of the study by Finn Partners Research on Help Net Security.

Cybersecurity & Business: Not Just an IT Problem

Connected technology, Internet-enabled (IoT) devices and other digital services each come with their own security risks. But when used in concert with businesses and their data, these technologies can present more substantial cybersecurity risks than those used for personal use.

Vendors, suppliers, partners and other third parties associated with your business can also increase your risk of a data breach. Consequently, businesses have spent millions on cybersecurity solutions to combat the risks of the multitude of online, data-driven business services.

Read why, aside from adopting new technologies, a proper cybersecurity strategy requires businesses to emphasize cybersecurity awareness and education along with their stringent security protocols, on Business 2 Community.

The Fundamental Flaw in Security Awareness Programs

Most security awareness programs are at best gimmicks that will statistically fail at their goal. They intend to educate people so that they can make better decisions regarding how to behave or whether they are being conned. The programs intend to get people to think so that they eventually will behave better. This will at best achieve basic results.

Stop and consider that you are relying on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, nation-state, etc. Logically, this is a ridiculous business decision.

Read why Ira Winkler, president of Secure Mentem, believes the ideal awareness program focuses on reinforcing procedures and guidelines, which have embedded security, on DarkReading.

Top six security and risk management trends

Business leaders are becoming increasingly conscious of the impact cybersecurity can have on business outcomes. Gartner said that security leaders should harness this increased support and take advantage of six emerging trends to improve their organization’s resilience while elevating their own standing.

Trend No. 1: Senior business executives are becoming aware that cybersecurity has a significant impact on the ability to achieve business goals and protect corporate reputation.

Read the full list of emerging trends that security leaders should take advantage of according to Gartner, on Help Net Security.