{"id":43771,"date":"2022-03-01T08:52:50","date_gmt":"2022-03-01T13:52:50","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=43771"},"modified":"2023-07-13T04:19:10","modified_gmt":"2023-07-13T08:19:10","slug":"research-cybersecurity-skills-training","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/research-cybersecurity-skills-training\/43771\/","title":{"rendered":"Why successful companies invest in cybersecurity skills"},"content":{"rendered":"<p>Arming your cybersecurity team with the right skills and experience is a crucial first step in facing down threats.<\/p>\n<p>In partnership with Longitude, a Financial Times company, Kaspersky surveyed 750 leaders at enterprises around the world about their approach to cybersecurity. The research found a small group of companies strongly believe their cybersecurity training programs can keep pace with the ever-changing threat landscape.<\/p>\n<p>Dubbed the Skills Leaders, these businesses have better security outcomes. About three-quarters (74 percent) say they\u2019re prepared for employees accidentally creating a cybersecurity threat \u2013 such as falling for a <a href=\"https:\/\/www.kaspersky.com\/resource-center\/preemptive-safety\/phishing-prevention-tips\" target=\"_blank\" rel=\"noopener nofollow\">phishing<\/a> scheme \u2013 compared with only half (49 percent) of the rest.<\/p>\n<p>This is good news, because cybersecurity skills are in short supply. In 2021, <a href=\"https:\/\/blogs.microsoft.com\/blog\/2021\/10\/28\/america-faces-a-cybersecurity-skills-crisis-microsoft-launches-national-campaign-to-help-community-colleges-expand-the-cybersecurity-workforce\/\" target=\"_blank\" rel=\"noopener nofollow\">Microsoft announced the US is facing a cybersecurity skills crisis<\/a>, citing that more than one in 20 of all open jobs in the country require cybersecurity skills.<\/p>\n<p>In the same year, research by Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) found <a href=\"https:\/\/www.issa.org\/cybersecurity-skills-crisis-continues-for-fifth-year-perpetuated-by-lack-of-business-investment\/\" target=\"_blank\" rel=\"noopener nofollow\">95 percent of cybersecurity employees globally believe the skills gap has not improved in recent years<\/a>. Our research found one-third (34 percent) believe this shortage will get worse in the next two years.<\/p>\n\t\t\t<div class=\"c-promo-product\">\n\t\t\t\t\t\t<article class=\"c-card c-card--link c-card--medium@sm c-card--aside-hor@lg\">\n\t\t\t\t<div class=\"c-card__body  \">\n\t\t\t\t\t<header class=\"c-card__header\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p class=\"c-card__headline\">Superior cybersecurity<\/p>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/header>\n\t\t\t\t\t\t\t\t\t\t\t<div class=\"c-card__desc \">\n\t\t\t\t\t\t\t<p>New research from Kaspersky in partnership with the Financial Times Commercial department shows that diversity, collaboration and training can help protect enterprise from major cyber threats.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"c-card__aside\">\n\t\t\t\t\t<a href=\"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/three-steps-superior-cybersecurity\/43834\/\" class=\"c-button c-card__link\" target=\"_blank\" rel=\"noopener nofollow\">See research<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/article>\n\t\t<\/div>\n\t\n<p>But the Skills Leaders are a small group \u2014 just eight percent of the research sample. How can more organizations follow their lead?<\/p>\n<h2>Three ways to upskill your workforce in cybersecurity<\/h2>\n<h3>1. Train everyone, not just IT<\/h3>\n<p>It\u2019s not just the cybersecurity team that should be on constant alert for threats. Employee-wide updates and reminders help make security part of company culture.<\/p>\n<p>\u201cPeople need to keep their software up to date, understand how to encrypt their internet traffic and not use public Wi-Fi,\u201d says Shawnee Delaney, CEO of US-based insider threat specialist Vaillance Group. \u201cThese are general cyber hygiene practices, and they\u2019re critical.<\/p>\n<blockquote><p>When people were in their daily routine before the pandemic, they would notice when something was outside of the norm. Now things have opened up and people are travelling around again, guards go down. That\u2019s where training comes in.<\/p>\n<cite><p>Shawnee Delaney, CEO, Vaillance Group<\/p><\/cite><\/blockquote>\n<p>Reducing human error is crucial. Technology researchers Gartner predicts that by the end of 2025, <a href=\"https:\/\/venturebeat.com\/2021\/08\/12\/takeaways-from-gartners-2021-hype-cycle-for-cloud-security-report\/\" target=\"_blank\" rel=\"noopener nofollow\">more than 99 percent of cloud breaches will arise from preventable user misconfigurations or mistakes<\/a>. One way to reduce these errors is to introduce cybersecurity \u2018tests\u2019 to see how employees respond to threats and increase training for those who fail them.<\/p>\n<p>This is what Ricardo Lafosse, Chief Information Security Officer (CISO) at Kraft Heinz, does. \u201cIt\u2019s probably one of our best ways to see whether a malicious actor could mislead our employees and get into our organization using phishing techniques,\u201d he says.<\/p>\n<h3>2. Update your coaching techniques<\/h3>\n<p>Training must also move with the times to keep up with the evolving threat landscape. The Skills Leaders identified in the research seem to understand this.<\/p>\n<p>They\u2019re more likely to be forward-thinking with their training. About two-thirds (67 percent) say it will be very important to carry out <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/cyber-security-training\" target=\"_blank\" rel=\"noopener nofollow\">immersive cybersecurity training<\/a> (gamification and simulations to recreate real attacks) in the next two years, compared with less than half (49 percent) of the rest.<\/p>\n<p>\u201cCybersecurity training is often perceived as a formality, but one-off training is not enough,\u201d says Evgeniya Naumova, Executive Vice President of Corporate Business at Kaspersky. \u201cBehavioral change won\u2019t appear with the wave of a magic wand. It takes commitment and practice for acquired skills to become habit. Continuous learning is especially important for enterprises to prepare teams for the evolving threat landscape.\u201d<\/p>\n<p>Staying up to date also means being able to change strategy fast. To combat new threats as effectively as possible, Kraft Heinz\u2019s Lafosse prioritizes agility and flexibility in his cybersecurity team.<\/p>\n<blockquote><p>We have a \u2018fail fast\u2019 mentality. If we start an initiative and it\u2019s not working, we can pull it right back and recalibrate. That\u2019s something we institutionalize in the program.<\/p>\n<cite><p>Ricardo Lafosse, CISO, Kraft Heinz<\/p><\/cite><\/blockquote>\n<h3>3. Put cybersecurity at the heart of recruitment<\/h3>\n<p>Upskilling in cybersecurity will inevitably involve addressing the skills gap. And that could force companies to take an innovative approach to recruitment, like hiring candidates with non-IT backgrounds.<\/p>\n<p>The research found the Skills Leaders are more likely to embed cybersecurity awareness in their recruitment and onboarding processes, stressing the need for high cybersecurity standards from the start.<\/p>\n<p>Enterprises with a multinational presence must ensure they approach cybersecurity consistently across their global operations. It only takes one cyber threat in one region to potentially wreak havoc across the whole organization.<\/p>\n<p>The skills gap is a big challenge for enterprise cybersecurity teams. To be protected against the full range of evolving threats, enterprises must do all they can to fill it. That means expanding recruitment, preparing their existing workforces by keeping them abreast of changes and training them right from the start.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations with cybersecurity skills programs that can keep pace are better prepared for cyberattacks. How can your business become a \u2018skills leader\u2019?<\/p>\n","protected":false},"author":2521,"featured_media":43772,"template":"","coauthors":[3452],"class_list":{"0":"post-43771","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity-training-cybersecurity","7":"emagazine-category-leadership","8":"emagazine-tag-research","9":"emagazine-tag-skills"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/research-cybersecurity-skills-training\/43771\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/research-cybersecurity-skills-training\/26238\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/43771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2521"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/43772"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=43771"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=43771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}