Break the Cyber Victim Cycle with Four Ways to Design a Cybersecurity Workforce Strategy that Actually Works

In our last blog, we wrote about how 80% of organizations attribute at least one breach they have suffered to a lack of cybersecurity skills or awareness, with more than half of these breaches costing at least $1 million. Let that sink in. 80%. And this week, Cybereason’s “Ransomware - The True Cost to Business, 2022” reported 73% of businesses have been targeted by ransomware in the past 24 months, up 18% from 55% last year! It is revealing to ask what actions the victims of these attacks have decided they need to take. After investing in more cyber insurance (or at least, paying more), the next biggest gap they are filling is staffing and training.

The cold hard truth is that the traditional IT network talent pool simply isn’t deep enough to fill this growing void. So if your human capital plans still look like they did in the 2000s, WAKE UP; this problem needs a total enterprise approach and new thinking in talent strategy. Yet as we’ve been saying, there is hope: companies can invest in and upskill their general workforces to reduce their human vulnerabilities and can tap the sizable influx of newcomers from Gen Z and millennials entering the cyber workforce from outside of IT.

Let's dig in by discussing why the cybersecurity skills gap is a solvable problem and what you can do about it right now. Keep reading as we share some ways you can break the cyber victim cycle through a forward-thinking cybersecurity talent strategy.

1. Relevant & Ample Training Content

In the past, much of cybersecurity training has been created in-house and has concentrated on compliance. Many organizations have been too inwardly focused and compartmentalized to see that sophisticated cyberattacks have evolved into a whole-of-business, whole-of-supply-chain scenario. That’s why turning to the right outside experts and solutions, ones that understand how adversaries are targeting whole industries today and can keep your people up-to-date on these threats, is a strategic and powerful move. Not moving past annual compliance training is rearranging deck chairs on the Titanic, but if you like being with the herd, you have plenty of fellow travelers, as 80% of companies have learned.

2. Hands-On, Up-to-Date Learning

If you ask your people, you will find out that they have an appetite for learning how to recognize and avoid cybercrime. They hear the stories of ransomware and business email compromise, and they see it in their private lives too. You just need to meet them where they are. They need training that is hands-on for the role they play and tells them what to watch for right now, with ongoing reinforcement. This method also increases learning retention levels, as research in education science on active learning shows. Trust that with the right training and right intelligence that meets them at their level, they can be your first line of cyber defense.

3. Workforce Planning

Although 76% of board of directors members globally recommend increases in IT and cybersecurity headcount, there remains a huge shortage of qualified professionals to satisfy these mandates. This makes it difficult and expensive to recruit and hire top talent in such a competitive job market. 

A strategic workforce plan will help you maximize the skills, talent, and time of your existing employees. These employees do not even have to currently work in cybersecurity roles—there are other fields such as IT product support, UI/UX development, finance and accounting that can translate well. Begin assessing the make-up of your people and identify those for growth who can be upskilled with the cyber skills and abilities to fill some of the gaps. You will spend far less developing a trusted employee from outside of IT or an entry-level specialist from a non-traditional pathway for these job-appropriate roles than you will throwing cash at the revolving door of the 80% who regret not having thought through the problem. Bonus time - you’ll also find that you will stem attrition and reduce turnover cost for your most valued employees across the board. 

4. Skills-Based Assessments

There’s no doubt that certifications are a valuable part of building a career in cybersecurity. They can serve as skill benchmarks and highlight a person’s specializations, job experience, integrity, and more. However, not all certifications are created equal - make sure to know when they are useful as basic screening criteria and what they reveal about job competency. Also, recognize that they say nothing about behavioral fit or capacity for critical thinking and learning - all key aspects for cyber professionals. 

Regardless of your opinion on certifications, some employers place too much stock on them during the hiring or promotion process. That’s why skill-based assessments may be more effective than certifications at putting the right person in the right seat. These assessments can provide candidates with the opportunity to display their critical thinking, knowledge, skills, creativity, and more. 

Support Your Team With 418 Intelligence

418 Intelligence provides your organization with access to cybersecurity skills and talent at all levels and budgets with hands-on real-world skills, and, when needed, crowdsourced support from rated experts available on-demand. Don’t let the skills gap and old thinking imperil your business any longer. Let’s start a conversation today.
