Does Cybersecurity Need A Rebrand?

Contrary to some popular perceptions, cybersecurity is not about defending against men in ski masks hunched over laptops. Similarly, cyber attacks don’t consist of hackers typing furiously on a keyboard before declaring “I’m in.”

In reality, cybersecurity is an aspect of IT management, made difficult by the evolving nature of threats and a relative lack of professionals in the field. Those with a better sense of the workings of cybersecurity may picture an expert as an IT specialist trying to contend with the many vulnerabilities inherent in any enterprise system.

In practice, the work is more satisfying than stressful. Whether you work in the IT department for a company or for a managed services offering for cybersecurity (as I do), it can be fulfilling to know that you’re acting as a gatekeeper for one or more organizations. There seem to be some misconceptions about the industry in general. The challenges posed by numerous cyber attacks are plain to see, but there has never been a better time to break into the industry.

The Information Bind

One of the issues facing the industry is a simple lack of information. According to a survey from the University of Phoenix, most US adults are not aware of many of the cybersecurity jobs available. This is compounded by a large percentage who are not aware of the education they would need to prepare themselves for such a career, even if they have a background in skills such as programming and data analytics. It may be that, because the industry is still developing, colleges and universities will have to emphasize cybersecurity as a career option.

Are You a Problem Solver?

As another angle, it’s worth considering the mindset required by anybody looking to break into cybersecurity. Though the technical skills necessary to get into the field exist in abundance, aspiring cybersecurity professionals should think about whether they have the problem-solving mindset. In cybersecurity, situations can change in an instant, and the ability to adapt to new information is something that cannot be taught.

More Than Just Technical Skill

In cybersecurity, strengths come not only from the ability to work with enterprise systems and identify potential attack platforms but from interpersonal skills as well. A CISO or someone in a similar role will need to impart critical information to employees to respond to a breach or train them in best practices. A professional in the industry shouldn’t work independently of other departments; they should be actively involved in the affairs of their organization.

Diversity

Diversity is also something that the cybersecurity industry has struggled with in recent years, even as it has been proven that diverse perspectives provide benefit to any workplace. As previously mentioned, problem-solving is essential, and attracting a more diverse crop of candidates can lead to even more opportunities in the industry. It comes down to existing professionals to appeal to top talent, selling the many opportunities available to anybody making the switch to cybersecurity.

Get Employees Invested In Cybersecurity

As summer starts to come to a close and those beach towels get stored in attics for another year, there’s still a genuine danger. Hint: it isn’t sharks.

In fact, the summer months are the most dangerous for enterprises when it comes to cybersecurity. As crimes such as burglary increase in the summer, so too do cyber crimes, as malicious individuals take advantage of employees attempting to access unsecured wifi networks. On top of that, IT departments may be less able to respond to attacks promptly.

Because of this, it is more important than ever for employees to be safe, even when out of the office on vacation. I wrote recently on the value of a cybersecurity education program for enterprises but would like to go into more depth about the steps a company can take to get employees as engaged as possible with using company systems safely.

Don’t Make Training A One-Time Event

Even if training is very well structured, a single course over an hour or two is unlikely to make a lasting impression. Some experts believe that even repeating this training on an annual basis is unlikely to have the desired effect.

It’s understandable that enterprises wouldn’t want to get locked into regular cybersecurity training, though erring on the side of caution is valuable for any organization. One happy medium is cybersecurity drills, in which false phishing emails are sent to employees. The company can then track how many people clicked on the email and break down progress by department. Other types of threats can also be simulated, with progress monitored between training sessions.

Give Employees The Responsibility

Though every employee should be involved in good cyber practices, it helps if they have somebody to refer to on a moment-to-moment basis when in doubt. Specialized training for employees interested in learning cybersecurity can help an organization create liaisons if dedicated IT staff are not available. This saves companies the trouble of reevaluating IT staffing while expanding the knowledge base among employees.

Make Reporting Easy

Training is entirely pointless if employees do not feel comfortable reporting potential issues. Regardless of who investigates potential threats, it should be simple and easy for employees to flag them if a problem arises. An easily accessed form can go a long way toward bridging the gap between employees and the people who investigate.

For that matter, it is also valuable to give IT staff education about how to talk to employees about cybersecurity issues. They may not have a good sense of the knowledge level of an average employee, or they may express frustration when a colleague makes a mistake. An empathetic approach works best, in which they work to fix problems rather than scold employees for errors. This makes individuals much more willing to come forward with the issues they encounter.