CISOs Must Incorporate Employee Training When Developing Security Strategy

CISOs are facing a perfect storm when it comes to securing their networks. Cyber attacks are becoming increasingly sophisticated just as corporate networks are becoming more distributed and complex – all while security talent becomes harder to find and security strategy best practices evolve.

In the midst of this turmoil, CISOs are now forced to wrestle with how to prioritize the often-limited time and resources available to them to most effectively secure their networks.

This complex, multi-point challenge is explored in the Forbes Insights survey Making Tough Choices: How CISOs Manage Escalating Threats and Limited Resources, conducted in association with Fortinet. Surveying more than 200 CISOs about their priorities, the report illuminates the challenges CISOs currently face, including a lack of security budget and the belief that the capabilities of cyber criminals are outpacing their network protection abilities.

The survey examines what contributes to these challenges and then explores ways CISOs can effectively address them. While the report outlines a number of actions CISOs can take, one of the clearest moves they can make to improve their organization’s overall security posture is to prioritize employee training and create a proactive cybersecurity culture as part of their overall security strategy.

Cybersecurity Challenges At The Employee Level

According to findings from the report, 35% of CISOs cite the lack of a centralized cybersecurity strategy and the lack of support from senior management as top constraints to effective security. But when examining the reasons behind the lack of central strategy, many of the issues seem to start at the employee layer – among both IT employees and general employees across the various lines of business.

Skills Gap

First, CISOs are dealing with the effects of the ongoing cybersecurity skills gap. According to the Center for Strategic and International Studies, 82% of employers claim that they are currently suffering from a shortage of cybersecurity professionals within their organization. This shortage has hindered their ability to develop a more strategic approach to their cybersecurity programs, as well as their ability to keep pace with new threats.

Because the skills shortage prevents IT and security teams from shifting away from their threat-prevention-based security strategy to one focused on detection and response, their security teams end up staying focused on tasks aimed at preventing existing threats, rather than using threat intelligence and advanced tools to identify and respond to unknown vulnerabilities and zero-days.

Departmental Buy-In

But that is only part of the challenge. Cybersecurity cannot be the sole responsibility of the IT team. Even if they had adequate resources, IT and security teams still cannot effectively move beyond a tactical approach without buy-in and participation from the executive suite or from the various lines of business.

One of the biggest challenges that occurs inside the network perimeter is insider threats. When looking at priorities that CISOs list among various security initiatives, the prevention, detection, and response to insider threats were consistently listed among their top-tier priorities. Managing insider threats and risks, especially unintentional events – like clicking on a phishing link, using weak passwords, or exposing the network to an unsecured device – eats up a lot of the time and resources of the security team, whose time could be better spent managing threats from external sources. To address this, employees across departments must take a more active role in cybersecurity by learning to avoid common attack tactics and assisting security teams in developing an approach to cybersecurity that will be effective without limiting productivity.

Putting Your Employees At The Center Of Your Cybersecurity Strategy

By putting employee development at the center of their cybersecurity strategy, CISOs enable their teams to work more efficiently while taking a holistic, strategic approach to network protection. There are a few key ways this can be done:

Employee Training

As the skills gap persists, CISOs should ensure their security team has regular opportunities for further education in deploying, configuring, and managing advanced security tools, as well as identifying and addressing new emerging threats. This is especially crucial to enable them to switch from a focus on prevention to a focus on threat detection and remediation. Proficiency in these types of integrated tools provides IT teams with enhanced visibility into how data is used and moved through the network, in addition to simplified management and analytics abilities. This is crucial as networks become more distributed and detection and remediation become increasingly important.

Additionally, the skills gap means organizations are less likely to hire new people with extensive field experience, which means they will have to focus on developing the skillsets of their existing team. To make this easier, Fortinet customers have access to our in-depth, hands-on training on our product suite as well as fundamental security principles through the Fortinet Network Security Expert (NSE) program. The NSE program offers eight course levels, beginning with understanding the threat landscape and the evolution of cybersecurity, through to the ability to configure, install, and troubleshoot a comprehensive security solution. Investing in security training like this enables CISOs to ensure that a strong internal candidate is ready when a position becomes available, as well as assisting in employee retention for essential security staff.

Leverage Automation

Another way CISOs can help increase the productivity of their limited security teams is by giving them back time to focus on strategy. One way to do this is to deploy security solutions that make extensive use of automation through AI and machine learning. Cyberattacks are happening at machine speed – meaning that your security team cannot keep up with threat correlation, or even basic remediation efforts, on their own. Automated solutions can work to respond to anomalous activity and known threats attempting to breach the network – allowing security teams time to focus on strategy and remediation efforts. For example, rather than having security teams working around the clock to detect potential internal threats, they can use machine learning to understand what normal behavior for employees looks like, and then react when behavior deviates. Automated solutions can also be assigned menial tasks such as inventory management and patching, freeing up human resources to focus on higher-order activities.

Develop A Cyber-Aware Culture

The top answer given by CISOs when asked about security priorities over the next five years was to “create a culture of security.” This involves training employees across lines of business in good cyber-hygiene. Beyond making sure that employees can identify phishing attacks or know how to update their applications on a regular basis, CISOs should also foster collaboration between departments and the security team. This will reduce instances of inadvertent internal threats, and increase overall buy-in for the security program. Making lines of business aware of the security strategy, and happy to work with IT teams on security policies, ensures buy-in across the organization.

By focusing on training and enabling employees to perform basic security tasks such as updating devices, identifying suspicious behaviors, and practicing safe cyber behavior across teams, CISOs can begin to establish a holistic security strategy that can stand up to today’s advanced threats.

Final Thoughts

CISOs are in a challenging position of having to secure increasingly distributed networks from advanced threats with limited resources. By focusing on employee development, enablement, and buy-in, CISOs can create a centralized security strategy that builds collaboration and reallocates security teams away from tactical, reactive work to more proactive and strategic efforts.
