Cyberattacks continue to increase globally, influenced by a number of factors, including the shift to remote work during the pandemic and socio-political conflicts such as the war in Ukraine. Perhaps the largest obstacle to cutting down on attacks, however, remains the massive cyber skills gap and talent shortage.
According to (ISC)², the global cyber workforce gap increased by 26.2% this year, compared to 2021. There are more than 3.4 million open positions that need to be filled. One reason for this is that organizations tend to stereotype qualified cybersecurity candidates as requiring a deep technical background. This is simply not true: proper training allows almost anyone to make the most of their existing skills in the security industry and to be placed in roles where those skills are applicable.
The current workforce can also be upskilled to better protect enterprises from attacks. Generic training, most often driven by compliance requirements, has proven ineffective in building and strengthening the effectiveness of the organization’s cyber model against the continuously changing threat environment. The traditional approach of adding technology to address the widening gap is no longer sufficient to compete with increasingly savvy cybercriminals.
All of these factors highlight the need to invest in building a “human firewall.” To orchestrate such an effort, each employee must be upskilled through training that focuses on continuous improvement of situational awareness in their role within the organization, as well as in all of their activity on social media, for both business and personal reasons.
The training should follow the format of preparation, practice and reflection on results. Training should start by identifying the key skills of each employee, which then become the target of deliberate practice and training aimed at improving the employee’s performance in the use of these skills to achieve the desired security behavior.
In the preparation stage, the training must continually reinforce current knowledge while simultaneously introducing new knowledge that will strengthen the situational awareness required for their role.
This increased awareness is tested through regular practice scenarios that will result in increased confidence on the part of the individual in their observation of adversary behavior in their environment, and in the intuition to act at a tempo greater than the attacker can counter.
Joint management and individual reflection on the performance improvement demonstrates the organization’s commitment to invest in the individual and an appreciation of their value. For the organization, this demonstration provides the impetus for the individual’s intrinsic motivation to commit to the process of continuous improvement of their security behavior, the maturing of its cyber defense model, and a better understanding of where the individual can be best placed in this effort.
The organization’s commitment to building the human firewall can be significantly strengthened by the private sector and government working in partnership to make society more cyber resilient and safe. Through the partnership, the ingenuity and innovation of the private sector could be harnessed to affect the framework controls, best practices and certifications that would lead to incentives for the individual industries to develop common performance goals to attain the incentives.