
Richard Woolfrey at Fortinet explores the way that information security training and skills development is evolving
Cyber-security is not just about technology, it’s also about an organisation’s culture and people. This is because employees are often the first and strongest line of defence against a potential attack – acting as a human firewall as a result.
With an attack having far-reaching consequences for an organisation, how can leaders begin to build a cyber-aware workforce? This starts with educating staff on cyber-security, and ensuring they are adequately equipped with the skills and knowledge needed to spot the first signs of attack. This will ensure organisations remain protected against the cyber-threat landscape – both now and in the future.
It’s clear the cyber-security landscape is shifting as innovative technologies, such as AI, continue to change the nature of the threats businesses face. In fact, our research report found that 87% of organisations have experienced one or more security breaches in 2023, with 53% reporting over $1 million in lost revenues, fines and other expenses as a result. This expense is just one reason why cyber-security education must evolve alongside cyber-threats.
We are witnessing a shift towards increasingly advanced techniques (such as advanced persistent threats, ransomware and zero-day exploits), alongside new technologies introducing fresh attack vectors. These developments pose significant challenges to organisations. They and their employees must, therefore, be equipped to spot and mitigate the latest threats as they grow in prominence, rather than after an attack has taken place.
As rapid technology evolution shows no signs of slowing down, the organisations which struggle to adapt will become easy targets for cyber-criminals. The consequences can be severe, including data breaches, financial losses and reputational damage. Businesses, therefore, must prioritise building their first line of defence – their workforce.
This starts with the building of a human firewall – a group of individuals from various teams and departments who help promote cyber-security best practices across an organisation.
With regular employees vital to an organisation’s security, having a human firewall helps foster a strong culture of security and education, helping stop the negligent and careless security behaviours which could have long-lasting consequences on a business.
But what are the steps to building a human firewall?
The first step is to prioritise training. All staff must be equipped with the knowledge and skills necessary to stop attacks from reaching their intended target. Regardless of job titles or roles, employees must understand the repercussions of a security event and the impact of that on the business and themselves.
It is also essential for organisations to move beyond the approach of one-off training sessions, instead adapting to a continuous learning approach. This is all fundamental to helping employees take cyber-security seriously. As such, training should be an integral part of a holistic cyber-security strategy and must align with the company’s policies, plans and strategies. Doing this will ensure a cohesive approach to threat mitigation to help fill knowledge gaps whatever the level of cyber-security understanding is within a workforce.
As cyber-threats grow in their sophistication, cyber-security must fall on the shoulders of more than just security and IT teams – this is an expectation that must be set by business leaders. Collaboration between these teams and other departments will be critical in helping create bitesize and understandable training programmes, as well as user-friendly policies which are easy to follow both in the office and remote working environments.
The importance of fostering collaboration and communication within an organisation cannot be overstated. Incident response relies on teamwork. Workers must feel comfortable reporting potential threats to IT and security teams so they can quickly and effectively stop cyber-criminals before it’s too late.
Best practices must be simple to follow and need to go beyond just spotting a potential attack. While, for example, some phishing threats are easy to spot, what do employees do when they aren’t sure if an email is a threat or not? Guidance is necessary. As such, IT and security teams must encourage employees to take extra steps to protect themselves and their organisations, while providing simple and correct counsel around how to do this.
Cyber-security education must be an ongoing process which adapts in line with the threat landscape. Doing this will also help businesses foster a culture of security awareness across all levels and create an environment where security is a shared responsibility. This will better protect organisations against the risks they face as attack methods continue to change and evolve.
By adopting a holistic approach that includes integrating a human firewall, ongoing and comprehensive training, organisational collaboration, and best practices, organisations can empower their teams to better understand and mitigate these risks to stay secure.
Richard Woolfrey is Regional Director, UK&I at Fortinet