How to combat the skills shortage
With the constant challenge of finding, recruiting and retaining skilled cybersecurity professionals, CISOs need to take steps to tackle this issue.
The industry is boosting training, professional development and cooperation between learning organisations, but senior cybersecurity professionals can’t wait years for the changes to make their way to the front line.
What steps can CISOs take now?
This white paper, provided by our valued supporter SentinelOne, an industry leader in artificial intelligence endpoint security technology, explores how organisations and security leaders can tackle this issue through:
- Identifying the problem
- Adopting methods that allow for lower skill levels to flourish
- Engaging other departments beyond security
- Raising awareness of cyber attacks
- Increasing network visibility; and,
- Future-proofing your recruitment strategy
Brought to you by SentinelOne and the SASIG.
Chapter 3: Raise Awareness About Cyber Attacks
You might not be able to give every member of your staff a taste of “a day in the life of a security engineer”, but for those that you can’t, education is a powerful weapon that will reduce your SOC’s workload. Make security a regular topic of conversation in your workplace, going beyond occasional “security awareness” seminars (although don’t forget to run those, too!). Increasing awareness creates more vigilant staff, and more vigilance means less chance of attacks ever getting past your weakest line of defense: the people on your network. That, in turn, will help lessen the burden on your SOC or IT security team.
With phishing and spear-phishing campaigns the primary vector of credential theft, consider running regular phishing awareness and phishing simulation campaigns for your staff to make them aware of just how convincing phishing attacks can be.
On top of that, if you’re not employing some kind of media or device control on your endpoints, raise awareness about the dangers of infected USBs and just how easy it is for employees to unwittingly compromise the firm’s security. You could even consider replicating the famous USB key dropping test carried out at the University of Illinois. Social engineering keys are the easiest to create as they use simple HTML files and phish users for credentials.
The point is to think creatively about how to engage staff with security issues that intersect with their everyday work and practices. Whether it’s the folk in Marketing and Sales, Finance and Accounting, or R&D and Engineering, cybersecurity comes into contact with them all. However you do it, aim to integrate all your staff as “security partners” and avoid isolating your IT team. If your security team is hiding away under the stairs or in a small back office, you’re insulating your staff and the knowledge they hold not just from each other but also from the security issues that face your entire business.