It is more important than ever to ensure that all employees have the right skills and awareness to protect corporate networks. As cyber attackers evolve the ways in which they attack organizations, internal cyber security training must be at the forefront of your cyber security strategy. With this in mind, here are some tips for improving cybersecurity training within your organization to help everyone defend their networks.
Ongoing strategic communication
It is important for companies in all industries to conduct regular training on the dangers of cybercrime. In addition, security leaders must regularly update employees on strategies, including important emerging risks.
“Adequate cyber security training and awareness should include outsourcing white hat hacking and phishing campaigns to imitate real-world attacks, as a team will therefore begin to understand the dangers and consequences that come with insufficient knowledge and poor defence systems,” said Rick Jones, CEO of DigitalXRAID.
“When employees recognise an attack and report it, CEOs must remember to support and reward their team in order to further incentivise vigilant behaviour.
“Alongside training sessions, information about a company’s cyber security strategy should be regularly communicated with the team. Business directors should strive to integrate cyber updates into their weekly team meetings, while internal NetOps and SecOps teams have an important role to play in ensuring that the C-suite remains constantly informed of any new scams or vulnerabilities that may pose a threat to business security.
“Ultimately, education, information and training lie at the centre of any successful cyber security strategy.”
Harjott Atrii, executive vice-president and global head of the digital foundation services at Zensar Technologies, added:
“Creating awareness is critical as each employee is responsible for practicing cyber security protocols. Regular communication about the evolving nature of threats and sharing best practices on how individuals can follow simple protection tips can go a long way in stopping attacks.
“It also helps to update logs and establish an internal task force to actively monitor all incidents.”
Make it personal and relatable
An important part of keeping employees engaged in cybersecurity is to explain how the consequences can specifically affect employees if they are not properly protected.
“People tend not to care about the impact of a security breach unless they feel personally involved,” said James Spiteri, senior security specialist at Elastic.
“Going beyond theory, we provide training that shows real-world risks and impacts and engages individuals. For example, we simulate attacks to demonstrate that weak passwords and poor personal account security hygiene can lead to problems such as photos and payments. Showing how it leads to unwanted access to an individual’s personal information, such as details, can be very effective in changing behavior.
“Teams need to find trusted tools to solve the complexities of cybersecurity. Depicting cybersecurity issues through relevant objects such as phones and mundane situations such as connecting to public Wi-Fi can increase employees’ awareness of their digital footprint, making it easier for them to disseminate information without being aware of it. It helps to show how easy it is.”
Andrew Daniels, CIO and CISO at Druva, explained how introducing tests and encouraging employees to report when they discover attacks helps keep the workforce vigilant.
Mr Daniels said:
“Some people may disagree, but testing employees with mock attacks helps them stay alert to risks. It gives us a better idea of who needs more training. It’s worth it for those who are able to and need to learn from more concrete examples.
“But simulation alone doesn’t work. Even if it’s your own testing, you need to encourage and recognize them when they report a phishing attack. This could be a simple response of thanking the employee for reporting it and telling them what they found, such as a test or legitimate attack. This will encourage them to continue reporting. I guess.”
Build test and sandbox environments
Another aspect to consider is setting up specific environments for testing and sandboxing. With such an infrastructure in place, teams can build their security skills in a governed digital space.
ISG Partner Julien Escribe explained how the emergence of security labs has helped improve the effectiveness of his training initiative.
“The need for privacy, GDPR compliance, and increased hacking activity have led organizations to place more emphasis on cybersecurity training.
“The new cyber security labs being rolled out (offered in-house and/or as a managed service) will help with training, experimentation and sandboxing. The new format of training includes cyber risk socialization through in-house workshops, mailing lists, hackathons, and short videos followed by quizzes.
“Some companies also use techniques such as organized phishing (managed and secure) to measure training effectiveness.”
Cybersecurity initiatives such as Capture the Flag and hackathons are known to contribute to security skills development in an interactive way and can be conducted in a lab environment.
Rainer Saks, Managing Director of Cybexer, said:
“There is special training that should be provided to information security teams. Users need to be given the opportunity to collaborate in realistic, powerful and trusted virtual environments that allow them to react to scenarios in real time.
“This training can be accomplished using advanced cyber-scopes that can mimic IT systems. Conduct task-driven capture-the-flag (CTF), live fire training, or a combination of both (threat hunting). It is also very important for teams to learn how to work together and navigate the system, even under high stress.
“Building cyber reach can be expensive, but without the right cybersecurity strategy, the cost of unpreparedness can be much higher. It makes sense to buy and operate a division, but even small businesses can afford to buy CTF, live fire and threat hunting training from cybersecurity companies with knowledge and capabilities.”
Consider industry and ethics
Adequate and thorough cybersecurity education is of paramount importance in any industry today, but this does not mean that such efforts should ignore the specifics of individual sectors. Each industry has its own set of assets, such as financial data in the banking industry or patient data in the healthcare industry, and training should be tailored accordingly.
According to Ramsés Gallego, Micro Focus’s international chief technology officer for cyber security, this, combined with considering the ethics of security tools, will go a long way in securing networks properly.
“There are many opportunities for training and professional certification in the cybersecurity industry,” Gallego said.
“However, accreditation is only the beginning, and efforts to improve cybersecurity training and standards in-house must be programmatically driven to be successful. All training is part of an overall cybersecurity strategy, should be considered a department and continually updated as the threat evolves. It also needs to be specific to the company’s industry and an accurate representation of what security professionals encounter in the real world. We need to provide knowledge, knowledge and preparation while also understanding the ethics of developing cybersecurity solutions.”