Evidence suggests there is a global cybersecurity skills shortage affecting businesses and governments alike. Which means that organizations are struggling to fill their cybersecurity vacancies.

With the volume and severity of breaches in recent years, it’s unsurprising that businesses are now recognising the risk. As a result they begin to respond accordingly.

In fact, global security spending is predicted to reach $1.75 trillion by 2025. To many, this might seem like a positive step – but we need to consider where that money is going.

A very common tactic adopted by organizations is to throw money at the problem. But it’s proven to be ineffective and can end up making the problem worse. By deploying hundreds of disparate security products to tackle individual weaknesses, the business can become overwhelmed. At the same time, teams will miss the bigger picture.

The importance of workforce

Security awareness training usually takes a fixed approach where one cyber threat is tackled at a time. Workers are not taught to defend the company from threats. Instead, they train themselves with multiple-choice questions that they can easily forget.

It bears no relevance to the role these workers will play in the midst of a crisis. And treats them like vulnerabilities – not defensive assets.

Each member of the workforce has value to add. So instead of these outdated and ineffective methods, organisations need to focus on three simple factors. With this in mind, they can develop the cyber capabilities of their entire workforce. Those factors are: exercising, evidencing and equipping.

In other words:

• continually benchmark the knowledge, skills, and judgement of the workforce;
• demonstrate risk levels across all business functions by using data gathered from simulations;
• and use regular cyber exercises to plug any skill gaps. These criteria are critical.

New strategies needed to close the cybersecurity skills gap

Foto de concepto creado por Waewkidja – www.freepik.es