Building a strong cybersecurity programme that can hold up to today’s ever-changing threat landscape is a primary concern among organisations and business leaders in 2022, writes Aaron Rosenmund, Director of Security Research and Curriculum at the tech platform Pluralsight.
The UK government’s Cyber Security Breaches Survey 2022 found that 39pc of organisations have faced cybersecurity breaches so far in 2022, and 82pc of senior managers in UK businesses rate improving cybersecurity as a high priority.
Furthermore, according to recent research from Tanium, the vast majority (86pc) of companies that faced a cybersecurity breach in the past six months believe investment in preventative measures – like staff training or more modern tools – would minimise incidents.
Pluralsight’s 2022 State of Upskilling Report corroborated these cybersecurity trends. The report found that cybersecurity was the top personal skills gap among 43pc of respondents, above cloud computing (39pc) and data storage (36pc). Additionally, 44pc of respondents agreed that cybersecurity skills gaps were the largest current risk to their organisation.
In light of these findings, it’s clear that businesses need to act quickly and aggressively to keep their technology teams apprised of current cybersecurity trends and threats. Here’s how to upskill your technology teams to create an air-tight cybersecurity programme.
What does the cybersecurity skills gap look like?
Cybersecurity attacks remain a prevalent issue for businesses and this isn’t set to change. By 2025, total spend on cybersecurity service providers is projected to reach $101.5 billion and there is a projected 15% increase in costs related to cybercrime. These staggering figures emphasise the challenge of keeping up for most modern organisations. Inevitably, the ever-changing cybersecurity landscape has created a long-standing cybersecurity skills gap.
At a time when cyber threats are so prolific, it’s more important than ever to have a skilled cybersecurity workforce that is able to defend against sophisticated and varied attacks. However, as the State of Upskilling Report suggests, a large portion of today’s tech workforce do not feel they have the adequate skills to meet their organisation’s cybersecurity needs. Simply put, business leaders have work to do to hone their technologists’ cybersecurity skills. According to IBM, tech skills are only relevant for around 2.5 years, which makes cybersecurity expertise that was cutting-edge in 2019 nearly obsolete today.
Owing to the rate at which the cybersecurity landscape is changing, historical knowledge and legacy methods can rarely defend against the increasing complexity of today’s threats. This means that organisations and business leaders must take responsibility for providing their technologists with the tools they need to keep their organisations safe and secure.
The role of upskilling
Though the cybersecurity skills gap may seem like an overwhelming project for businesses to tackle, there is some good news – technologists are eager to bolster their tech skills. In fact, the State of Upskilling Report revealed that 91 per cent of respondents want to improve their tech skills. Technologists are also demanding that their organisations provide them with the means to do so, with 48 per cent saying that they have considered changing jobs because they weren’t given sufficient resources to upskill. Additionally, 75 per cent of respondents agreed that their organisation’s willingness to dedicate resources to developing their tech skills affects their plans to stay with the organisation.
Despite the fact that technologists are hungry for learning opportunities, most organisations still do not set aside specific time for their technologists to boost their skills. The State of Upskilling Report found that only 36% of organisations allocate dedicated work time for learning, falling to 32% for technology organisations specifically. There is a clear misalignment between technologists’ desire to upskill and organisations’ willingness to apportion time and effort to upskilling.
So how do we solve this problem, especially among cybersecurity professionals? The first step is to arm cybersecurity professionals with resources such as on-demand cybersecurity training, hands-on learning opportunities to understand both red and blue team perspectives, and flexible upskilling options that fit in with the busy schedules of many cybersecurity experts. The key takeaway here is that cybersecurity training should not be optional for anyone within your organisation, let alone your cybersecurity pros. To keep your organisation’s cybersecurity programme strong, you must continuously arm your tech teams with the knowledge that will help them defend against the next cybersecurity attack.
A plan for long-term cyber success
Learning how to outsmart bad actors in a bid to future-proof an organisation’s cybersecurity programme is an ongoing cycle for teams. As a result, any programme must run like a well-oiled machine – with a lot of maintenance and upkeep.
Creating a culture of learning within tech teams will position technologists towards a proactive, rather than a reactive, approach to cybersecurity. This means that organisations must have programmatic steps in place to constantly renew cybersecurity knowledge and best practices.
New cybersecurity strategies are being developed every year to stay ahead of attacks. For instance, Zero Trust Architecture, a cybersecurity method that does away with the idea of a “trusted” insider and an “untrusted” outsider, has begun gaining traction in private businesses and governments alike, ushering in new standard operating procedures for security teams. Staying abreast of these cybersecurity trends takes more than superficial knowledge, however. It requires coordinated action in the form of testing, implementation, and evaluation to drive towards long-term cybersecurity success.
The bottom line is that the need for cybersecurity skills and, in tandem, cybersecurity professionals, will only increase in the near future. Organisations that prepare for the future of their security programmes, rather than scrambling to block attackers in real time, are the ones that will be well placed to withstand the latest threat.