Improving Cyber Security Skills
Your workforce is a key line of defence against cybercrime, and with a fast-changing threat landscape it is vital that your organisation’s security team understands and adopts the latest best practice to keeping the organisation secure. But the fact is that just under a third of organisations believe their own IT team needs training to improve cyber security skills.
It might appear that the obvious answer is to hire more knowledgeable cybersecurity staff – but this can be more challenging than you might imagine. There is a serious deficit of qualified individuals in the cyber security sector. A recent report revealed that for businesses to address the current shortage of skilled cyber security professionals, an extra four million people is needed.
So, with no easy fix, a degree of emphasis should be placed on upskilling your current workforce and ensure that they have the skills and knowledge to defend against the latest tactics used by cybercriminals. Here we take a look at five ways you can help your existing security team grow their cyber security skills.
Read Next: Improving HR Cyber Security Skills
Facilitate staff collaboration
If you want to upskill your staff, the first thing you should do is better understand the expertise that you already have in your team and work out the best way for this to be shared across the organisation. For example, this could involve pairing up your senior security or IT staff with other members of the team in a mentoring programme. Those who work in cyber security day-to-day have a vast amount of knowledge and information that they can share, often not realising that others don’t know the basics.
The key here is to build a culture of collaboration, where staff willingly share information and advice with each other. Encourage teams to spend time together to help them to understand the risks that others face and what can be done to mitigate them.
Encourage education and training to improve cyber security skills
Perhaps the most crucial aspect of improving cyber security skills is actually sending your staff on training courses so that they keep their working knowledge up to-date. There are many excellent courses that provide insight into industry best practices.
For those interested in broadening their knowledge of cybersecurity significantly, some excellent entry level qualifications include CompTIA Security+ and CISSP. Crucially, it is essential that staff should be given the time and support to study.
Read Next: 15 Highest Paying IT Certificates
Network in the cybersecurity industry
It is also important for your team to gain wider knowledge from the cybersecurity industry. There are many ways that they can do this. A great start is attending workshops and seminars, as these can cover useful information in an interactive way.
It is also a good idea to engage with professional organisations dedicated to cybersecurity. Some of the most important are CREST, the ISSA and the Chartered Institute of Information Security.
Get third-party expertise
Of course, there is the option to take advice and guidance from third-party services in order to upskill your workforce. A great example of this is to have a cybersecurity specialist business perform a penetration test, or even conduct a simulated attack. In this test the pen tester will use scanning and asset mapping to identify vulnerabilities:
“Once access to the network has been established, the pen tester will then attempt to move laterally across the network to obtain the higher-level privileges required to compromise additional assets and achieve the objective of the pentesting engagement” – Redscan
By working closely together with third-party providers your staff can learn from experienced cyber-security specialists. It will also help you establish where your staff need to improve their knowledge.
Read Next: Balancing Cyber Security Budget
Provide threat intelligence
Given the scale of the problems faced in cybersecurity there are now many initiatives and government schemes that aim to provide as much information as possible on cyber threats to businesses in the UK. Many of these resources are completely free to use, so it is a great idea to encourage your employees to spend the time reading their reports and bulletins.
Perhaps the most crucial, is the National Cyber Security Centre (NCSC) which is a part of GCHQ. It produces its Weekly Threat Report, which offers information to companies both in the private and public sectors.
Other useful resources that your business should explore include Action Fraud and the Open Threat Exchange. Both offer free information on the latest threats and how to secure your business against them. When staff understand the types of threats that your business faces, they are better equipped to deal with them.
Is your team cyber ready?
Cyber security teams are under great resource pressure due to the evolving cyber threat landscape. But it is still important to create the opportunities and culture that enable staff to upskill themselves. Your cyber security team are a key line of your defence and a key source of support to the rest of your organisation.
About the Author:
Chester Avey has over a decade of experience in business growth management and cyber-security. He enjoys sharing his knowledge with other like-minded professionals through his writing. Find out what else Chester has been up to on Twitter: @Chester15611376.