According to the Verizon 2021 Data Breach Investigations Report (DBIR), a total of 5,258 verified data breaches happened in 16 industries and four distinct world regions. That’s a significant increase from the 3,950 confirmed breaches from the 2020 DBIR. The report also found that 86% of the breaches were profit driven.
Threats are continuing to evolve, both in volume and type, and organizations can’t always keep up, and remote/hybrid work has exacerbated the situation. Year-round training and cybersecurity awareness refreshers are vital, but they can’t be only for cybersecurity teams – it has to expand to all employees.
Also see: The Successful CISO: How to Build Stakeholder Trust
The impact of the skills gap
While the cybersecurity workforce gap has closed slightly, there’s still an estimated shortage of 2.72 million skilled professionals, according to (ISC). While the situation is improving, this is still a huge shortage and businesses are suffering in real ways because of it.
Lack of cybersecurity skills and awareness can be attributed to at least one data breach for 80% of organizations worldwide, according to a recent research report.
In total, 64% of firms worldwide said they have experienced data breaches that resulted in revenue loss, recovery costs and/or fines.
Also see: Secure Access Service Edge: Big Benefits, Big Challenges
Constantly evolving threats
“Fast” is a key term when describing cybersecurity events in late 2021 and early 2022. Cyber thieves are designing attacks with unprecedented speed, according to threat intelligence from the second half of 2021. They are continuing to take advantage of the growing attack surface of hybrid employees and IT, employing advanced persistent techniques that are more disruptive and unpredictable than in the past.
Ransomware’s aggressiveness, sophistication and impact remained unabated throughout the second half of 2021. Attackers are continuing to target businesses with a wide range of new and previously unknown ransomware variants. The Kaseya VSA remote monitoring and management technology attack, for example, received a lot of attention due of its pervasive impact. The “breach once, compromise many” aspect of software supply chain attacks was once again demonstrated by this event.
Remote work has further complicated the situation: The transition to remote work increased the need for advanced security measures and awareness, as data is spread across IoT and mobile devices in multiple locations.
Because of the worldwide trend toward digital transformation, technologies like multi-cloud platforms, SaaS, IoT and mobile devices have become indispensable in every business area. Data is being stored in more places, increasing the risk of data leakage or misuse.
Also see: Best Website Scanners
Combatting threats from the front lines
All these factors further underscore the need for cybersecurity leaders to find and retain skilled talent to help protect their organizations. But cybersecurity duties are not the sole purview of security operations center (SOC) teams and security platforms; basic internet and data safety is something all employees should be trained in.
It’s no longer viable to simply put a firewall at the network’s edge and be done with it. These days, security must be everywhere: at the edge, monitoring every user and tracking and securing every application and workflow from start to finish—particularly when they travel across and between network environments.
Organizations need to equip all network users with the proper training and certifications to prevent threats/data leaks. Cybersecurity talent is spread thin, so organizations need to educate additional staff to help bridge the gap and increase their networks’ protection.
Certification and training for all employees connected to the network, not just cybersecurity personnel, is essential for mitigating breaches and other threats entering the network, as well as helping close the cybersecurity skills gap.
Training and certifications are also ways for firms to address the skills gap. According to a recent survey, 95% of executives believe that technology-focused certifications benefit their role and their team, and 81% prefer hiring candidates who have certifications.
Furthermore, 91% of respondents said they would be willing to pay for a cyber certification for an employee. The fact that certificates validate greater cybersecurity knowledge and awareness is one of the main reasons for their popularity.
Also see: Top Digital Transformation Companies
Education: Your cybersecurity partner
Cyber-attacks and successful breaches are at an all-time high, and a cyber skills shortage only exacerbates the security outlook for organizations trying to protect their data and networks.
As the notion of a traditional cybersecurity perimeter evaporates, organizations must adopt new tactics and strategies. When “the human element” is responsible for 85% of successful cybercrime, it’s clear that more needs to be done in the arena of employee education and upskilling. Make sure to include ongoing training and certifications as part of a strategic cybersecurity plan.
About the Author:
Sandra Wheatley, SVP marketing, threat intelligence and influencer communications, Fortinet
