Why We Need More Cybersecurity Training [Weekly Cybersecurity Brief]

Throughout 2021, we often covered the mounting concern over the cybersecurity talent shortage. And some warn that this is likely to persist as we journey further into 2022. As we work to fill those gaps, however, we also need to concentrate on training the staff members that we currently have in place in cybersecurity matters. This is especially important as challenges to the field show no signs of slowing down. This week, we’re breaking down some tips for engaging employees in cybersecurity programs as well as a few of the news stories shaping the environment emphasizing this need.

When designing cybersecurity training curriculum for teams, one of the most important questions is how do you make it engaging? A recent article featured in CPO Magazine provided a few suggestions that may serve as an answer. As the article points out, research shows that increasing awareness around cybersecurity has the potential to circumvent an incident by 70%, which is critical when considering the loss in revenue, damage in reputation, compromising of data or disturbance in operations that an organization could face due to a breach. Making sure that an organization’s staff is ready to help in preventing such a circumstance begins with establishing an inclusive cybersecurity culture where all members realize that they have a role to play in upholding safety. It is beneficial if this perspective is introduced as early as possible, including during the onboarding process. This also consists of steps like personalizing training material and creating it so that it is presented in an easy to comprehend and time sensitive manner. Reinforcement of practices is next in line. CPO Magazine reports that information retention tends to drop after 4-6 months, therefore maintaining a consistent training schedule is recommended. Additionally, training should be encompassing of the diverse topics that make up cybersecurity such as password and mobile security and recognizing suspicious activity like phishing scams, and it should be updated to reflect the latest threats and other influences impacting the field.

A recent study on SME businesses and self-employed workers in the UK demonstrated why incorporating such criteria is so significant. It found that of the 1000 SME firms and self-employed individuals in the UK that were surveyed, 51% have gone through some form of a problematic cybersecurity event. The study further concluded that malware, data breaches and phishing attacks were the leading causes of these costly cases. Despite the number of experiences, 88% did report having a version of cybersecurity protection in place whether that be specific software, firewalls or multifactor authentication. But there was still 11% of the cohort that stated that they were unconcerned with allocating financial resources for cybersecurity measures. Not only does this emphasize the point that increasing awareness is critical, but it also supports the call to enhance training alongside the further adoption of cybersecurity tools.

In the process of considering other influences impacting the field, especially if you are a large corporation, it is helpful to also remain mindful of the international affairs and policy shifts that are unfolding. As Walmart was just reminded, these are increasingly related to cybersecurity matters. In a report for the South China Morning Post, it was revealed that the China branch of Walmart Inc. was issued a warning by authorities of Shenzhen for not abiding by data practice regulations. The officials stated that they found 19 “loopholes in November in the online network of Walmart’s China operation, which could be susceptible to exploitation,” and were not patched in the proper timeframe according to the report. As the country has been in the midst of tightening regulations, this accusation is said to be in violation of the Cybersecurity Law of the People’s Republic of China and follows a similar claim brought up against Alibaba Group Holding’s cloud computing services. This is a continuation of evolving data-related laws that China has been introducing that affect cross-border activities. Therefore, depending on the purpose of your company, it may come in handy to consider adding current event news when putting together cybersecurity resources.

Key Takeaways:

“How to Get Your Organization Truly Engaged in Cybersecurity Training” – Manoj Srivastava, CPO Magazine

https://www.cpomagazine.com/cyber-security/how-to-get-your-organization-truly-engaged-in-cybersecurity-training/

  • Research shows that increasing awareness around cybersecurity has the potential to circumvent an incident by 70%.
  • Therefore, it is important to make cybersecurity training engaging for all the employees that make up an organization through steps like personalizing training material and presenting it in comprehensive and time sensitive programs that are set on a recurring schedule.
  • In addition to covering a wide range of topics, training materials should also be continually updated to reflect the latest threats and other influencing developments.

“Over Half of SMEs Have Experienced a Cybersecurity Breach” – James Coker, InfoSecurity Magazine

https://www.infosecurity-magazine.com/news/smes-cybersecurity-breach/

  • A recent study on SME businesses and self-employed workers in the UK found that 51% have gone through some form of a problematic cybersecurity event.
  • Malware, data breaches and phishing attacks were the leading causes of these costly cases.
  • Eighty-eight percent did report having a version of cybersecurity protection in place whether that be specific software, firewalls or multifactor authentication, but there was still 11% of the cohort that stated that they were unconcerned with allocating financial resources for cybersecurity measures.

“Walmart’s China unit disciplined by Shenzhen police for breaches of cybersecurity laws” – Iris Deng, South China Morning Post

https://www.scmp.com/tech/big-tech/article/3162609/walmarts-china-unit-disciplined-shenzhen-police-breaches

  • In a report for the South China Morning Post, it was revealed that the China branch of Walmart Inc. was issued a warning by authorities of Shenzhen for not abiding by data practice regulations.
  • The officials stated that they found 19 “loopholes in November in the online network of Walmart’s China operation, which could be susceptible to exploitation,” and were not patched in the proper timeframe according to the report.
  • As the country has been in the midst of tightening regulations, this accusation is said to be in violation of the Cybersecurity Law of the People’s Republic of China.
Share
Share on facebook
Share on twitter
Share on linkedin
Share on email

You Might Also Like...