72% of cyber leaders agree that the threat landscape is becoming more challenging. Despite the increasing complexities, traditional approaches to cybersecurity training have remained stagnant.
This approach has resulted in a lack of cyber resilience across workforces, with only 32% of industry leaders reporting a formal strategy to ensure cyber resilience.
In a recent webinar, I sat down with Robert Boyce, Global Cyber Resilience Lead at Accenture Security to discuss how fundamental shifts in training and upskilling can help make cyber resilience a reality.
People first, certification second
The cybersecurity field has long defined certifications and duration of technical career, as a hallmark of ability. In today’s ever-changing threat landscape, however, organizations need to prioritize enabling individuals to apply those classroom lessons in real-world scenarios. By testing capabilities in realistic simulations, organizations can gain measurable visibility into how teams and individuals will operate during an actual crisis.
Additionally, this kind of proactive, real-world exercising enables individuals to grow their skillsets, advancing both capabilities and careers. By providing employees with tools that enable them to demonstrate their existing skills and potential, organizations can uncover previously untapped talent and build a motivated workforce committed to resilience.
Exercise the enterprise
Annually-cadenced, paper- or video-based tests are insufficient for exercising and assessing the skills of the general population of an organization’s first responders. To be truly effective, these assessments must occur continuously, creating a comprehensive exercising program that reveals both strengths and weaknesses at different organizational levels.
If correctly orchestrated, continuous exercising also enables organizations to identify tangible improvements. By retesting previously discoverer weaknesses, organizations can ensure that progress is being made at a measured pace. Armed with this data, organizations can make informed decisions about how to improve overall organizational preparedness, enabling creation of a cyber resilience strategy that can evolve with each emerging threat.
Security is a team sport
Exercising and upskilling cannot exist in a vacuum. For organizations to truly achieve cyber resilience, security knowledge upskilling must occur across the workforce. The only way the pervasive cybersecurity can be remediated – if not solved entirely – is to make security part of every job.
Until this concept is realized, vulnerabilities will persist and knowledge will remain siloed. However, by incorporating ongoing security upskilling at all levels of the workforce, organizations can foster a cyber resilience culture from techs to execs.
To learn more about cyber resilience strategies, watch the entire webinar here.