Share

Cybersecurity: Winning the Battle Starts with the Front Lines | eWEEK – eWeek

Constant training and cyber awareness are vital, but they can’t be limited to cybersecurity teams – education must expand to all employees.
According to the Verizon 2021 Data Breach Investigations Report (DBIR), a total of 5,258 verified data breaches happened in 16 industries and four distinct world regions. That’s a significant increase from the 3,950 confirmed breaches from the 2020 DBIR. The report also found that 86% of the breaches were profit driven.
Threats are continuing to evolve, both in volume and type, and organizations can’t always keep up, and remote/hybrid work has exacerbated the situation. Year-round training and cybersecurity awareness refreshers are vital, but they can’t be only for cybersecurity teams – it has to expand to all employees.
Also see: The Successful CISO: How to Build Stakeholder Trust
While the cybersecurity workforce gap has closed slightly, there’s still an estimated shortage of 2.72 million skilled professionals, according to (ISC). While the situation is improving, this is still a huge shortage and businesses are suffering in real ways because of it.
Lack of cybersecurity skills and awareness can be attributed to at least one data breach for 80% of organizations worldwide, according to a recent research report.
In total, 64% of firms worldwide said they have experienced data breaches that resulted in revenue loss, recovery costs and/or fines.
Also see: Secure Access Service Edge: Big Benefits, Big Challenges
“Fast” is a key term when describing cybersecurity events in late 2021 and early 2022. Cyber thieves are designing attacks with unprecedented speed, according to threat intelligence from the second half of 2021. They are continuing to take advantage of the growing attack surface of hybrid employees and IT, employing advanced persistent techniques that are more disruptive and unpredictable than in the past.
Ransomware’s aggressiveness, sophistication and impact remained unabated throughout the second half of 2021. Attackers are continuing to target businesses with a wide range of new and previously unknown ransomware variants. The Kaseya VSA remote monitoring and management technology attack, for example, received a lot of attention due of its pervasive impact. The “breach once, compromise many” aspect of software supply chain attacks was once again demonstrated by this event.
Remote work has further complicated the situation: The transition to remote work increased the need for advanced security measures and awareness, as data is spread across IoT and mobile devices in multiple locations.
Because of the worldwide trend toward digital transformation, technologies like multi-cloud platforms, SaaS, IoT and mobile devices have become indispensable in every business area. Data is being stored in more places, increasing the risk of data leakage or misuse.
Also see: Best Website Scanners 
All these factors further underscore the need for cybersecurity leaders to find and retain skilled talent to help protect their organizations. But cybersecurity duties are not the sole purview of security operations center (SOC) teams and security platforms; basic internet and data safety is something all employees should be trained in.
It’s no longer viable to simply put a firewall at the network’s edge and be done with it. These days, security must be everywhere: at the edge, monitoring every user and tracking and securing every application and workflow from start to finish—particularly when they travel across and between network environments.
Organizations need to equip all network users with the proper training and certifications to prevent threats/data leaks. Cybersecurity talent is spread thin, so organizations need to educate additional staff to help bridge the gap and increase their networks’ protection.
Certification and training for all employees connected to the network, not just cybersecurity personnel, is essential for mitigating breaches and other threats entering the network, as well as helping close the cybersecurity skills gap.
Training and certifications are also ways for firms to address the skills gap. According to a recent survey, 95% of executives believe that technology-focused certifications benefit their role and their team, and 81% prefer hiring candidates who have certifications.
Furthermore, 91% of respondents said they would be willing to pay for a cyber certification for an employee. The fact that certificates validate greater cybersecurity knowledge and awareness is one of the main reasons for their popularity.
Also see: Top Digital Transformation Companies
 Cyber-attacks and successful breaches are at an all-time high, and a cyber skills shortage only exacerbates the security outlook for organizations trying to protect their data and networks.
As the notion of a traditional cybersecurity perimeter evaporates, organizations must adopt new tactics and strategies. When “the human element” is responsible for 85% of successful cybercrime, it’s clear that more needs to be done in the arena of employee education and upskilling. Make sure to include ongoing training and certifications as part of a strategic cybersecurity plan.
About the Author: 
Sandra Wheatley, SVP marketing, threat intelligence and influencer communications, Fortinet 
eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.
Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.
Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

source