People-first. Technology-enabled.

Cybersecurity Skills Gaps Compounding Vulnerabilities

The adversaries are getting smarter, while the use of cloud and SaaS-based systems is making the protection of data even more complex. Additionally, ‘zero-day’ attacks are creating data breaches at alarming rates across an unprepared, global marketplace. These large-scale breaches continue to erode consumer and investor confidence, and the threat appears to be worsening: reported threats to critical infrastructure industries, including energy, finance, and transportation, can have profound national security implications. To make matters even more difficult, organizations struggle to find the talent to address their cybersecurity vulnerabilities, given the predicted shortage of 1.8 million cyber personnel in 2022, according to Frost & Sullivan.

Invest in a Culture of Cybersecurity Responsibility

One of the greatest concerns of public and private sector leaders in an age of system vulnerability is Trust. Trust is at the center of most transactions; without it, commerce comes to a halt. As a result, a people-first, technology-enabled approach to mitigating cybersecurity vulnerabilities is a growing trend to protect this critical nucleus of commerce. Major General Dale Meyerrose – first Presidentially-appointed, Senate-confirmed CIO for ODNI – succinctly stated, “Cybersecurity is what you do – not something that you buy.” Many organizations are now infusing the responsibility of security awareness and critical thinking into the non-technical culture of the organization – business, marketing, finance, accounting, human resources and operations. A first step in this cultural transition is asking the right questions.

Where to Start? FITCE cybersecurity training is aligned with the NICE Framework to ensure your staff has the right skills for the right role at the right level.

TOP 10 Questions to Cultivate Enterprise-wide Cybersecurity Responsibility

Organizational leaders seeking to improve collaboration, accelerate organizational agility and foster a creative, problem-solving mindset should consider the following questions:

  1. Do all employees have a concise and consistent understanding of how our organization views and manages security of our property, systems and data?
  2. Have all employees’ job functions been modified to include security awareness?
  3. Are employees asking themselves and their colleagues prior to every action – “Could this current action create a vulnerability for myself, my network or my organization?”
  4. Are proactive discussions of system and data security included in all business decisions?
  5. Do customer-facing employees fully recognize the importance and sensitivity of our customer data, and its proper storage, protection and retrieval?
  6. Is there a defined, cross-departmental triage plan when a cyber event (breach) occurs?
  7. Are employees proactively and reactively reporting system and data vulnerabilities to a dedicated organizational resource or team? Are there incentives to do so?
  8. Do employees feel confident about their own capabilities to help mitigate vulnerabilities? If not, do they have ease of access to professionals with the required expertise?
  9. Are employees, and our support personnel, routinely briefed on the threats, and their frequency, to our organization and its assets?
  10. Is the organization encouraging enterprise-wide collaboration, communication and critical thinking on system and data protection? How are these skills being developed?

Enabling Responsibility within the Workforce

If the above top 10 questions have highlighted vulnerabilities, here’s how you can enable security responsibility within your workforce. Enabling responsibility across the entire enterprise starts with creating broad and relevant awareness. Extending the responsibility of system and data protection outside of IT and into the primary department functions of an organization increases threat awareness, institutional integrity and personal reliability. Achieving sustainable results in this action requires a formal commitment across all People in the organization, supported by Process and Technology.

FITCE has identified five critical actions to enable enterprise-wide responsibility across any public or private sector workforce.

Develop Cyber Hygiene

The National Security Agency (NSA) identified Cyber Hygiene as a substantial priority for any organization, as several of the network and data breaches on record could have been prevented with basic cyber hygiene. According to Forbes, cyber hygiene disciplines occur over three phases – planning, execution and check. These disciplines include, but are not limited to, hardening techniques, patching, network segmentation, and the security of both protocols and authentication credentials. This effort is a continuous process, as adversaries are always innovating.

Adopt NIST & NICE Cybersecurity Frameworks

The National Institute of Standards and Technology (NIST) – an agency of the Department of Commerce – has released one of the most comprehensive, and widely adopted, frameworks, which provides guidance in assessing organizational maturity across five functional areas for cybersecurity – Identify, Protect, Detect, Respond and Recover. Furthermore, the National Initiative for Cybersecurity Education (NICE) established a framework identifying common cybersecurity functions, specialty areas and job roles, highlighting the knowledge, skills and abilities needed to effectively protect organizational assets. See the presentation below for more detail on Learning Tree’s course offerings to advance knowledge and skills across the cybersecurity roles defined in the NICE framework.

Establish Risk Management Posture

The biggest risks to protecting information and information systems in modern business operations are untrained employees and corrupt inside actors. Modern cybersecurity strategies now employ an enterprise-wide risk management posture across the entire organization, rather than isolating this strategy within IT. As part of this posture, organizational leaders continually consult with internal and external cybersecurity experts to review their human capital talent and critical thinking capabilities, business processes, system design, access management and the policies and safeguards governing organizational assets.

Build a Multidisciplinary Program

To combat the forces of threat actors attempting to penetrate your systems and steal your data, an organization must create an adaptive environment in which the workforce no longer operates in silos, but rather as multidisciplinary, agile teams. Job functions and the roles associated with them must be able to rapidly adjust for the variable influences on their responsibilities. Further, the workforce needs the flexibility to rapidly develop and integrate new skills and capabilities as the cyber landscape continues to evolve.

Continuous Recruitment & Retention Process

Given the war for cyber talent, HR and Employee Development departments must establish a revised and continuous strategy for attracting and retaining these key hires. Department leaders must encourage more enterprise-wide adoption of security awareness so as not to overly burden dedicated security personnel. HR professionals must also seek individuals who have the innate skills, but not necessarily the technical degrees, and develop those individuals to help address the cyber skills gap.

Featured Resources Supported During Cybersecurity Awareness Month (#CyberSecMonth)

In recognition of the 15th annual National Cybersecurity Awareness Month (NCSAM), recognized throughout North America, FITCE offers you complimentary cyber resources to help apply best practices and adopt a proactive posture in your organization and in your life.

WEEK 1: Make Your Home a Haven for Online Safety

Free MOOC Security Training

Privacy and Security Go Hand in Hand

Market Trends Cyber Report

Cyber Security for Management & The Boardroom

How Social Media Posts Can Lead to Identity Theft

No More Signatures! Am I Still Safe?

Lock The Door: Securing Your Home or Small Business Router

WEEK 2: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity

State of the Cyber Workforce 2018

CompTIA Cybersecurity Career Pathway – with Stackable Certification Bundles

Cyber Security Is Not Just For Computer Nerds

Manage Expectations to More Easily Pass Certification Exams

When Two-factor Authentication Goes Wrong

Defend Your Organization From Cyber Threats

WEEK 3: It’s Everyone’s Job to Ensure Online Safety at Work

Customer Service: Avoid Falling Victim to Social Engineering

HTTPS secures site traffic from eavesdropping, but how much?

How to Enter The Cybersecurity Field

The Seriousness of the Cybersecurity Staffing Shortage

Cyber Attacks: The Knowns & Unknowns

Thinking in the Security Context

WEEK 4: Safeguarding the Nation’s Critical Infrastructure

What Are The Cybersecurity Challenges Associated With Cloud Computing?

How to Choose a Cybersecurity Certification

Should I Become a Certified Ethical Hacker?

BYOD Security

Top IoT Vulnerabilities

How Amazon, FB & Google are Shaping the Future of Cyber

What is Multi-Factor Authentication?

How to Implement a People-First Cyber Culture

Contact FITCE – a global leader in supporting organizations to gain the right skills, for the right people protecting your organizational assets. We’ll get you in touch with our team of expert cyber consultants who are qualified to listen, learn and support your workforce development needs as a critical component of improving enterprise-wide cyber awareness, responsibility and capabilities.
