The key element in your cybersecurity strategy isn’t process, tech or data – it’s people
Anyone who has formulated an organizational plan knows that the decades-old golden triangle (people, process and technology) takes some balancing. This has become increasingly difficult in most industries, with data adding enough pressure to turn that triangle into a diamond. In cybersecurity, however, data has led the conversation for several years – it’s people who…
Anyone who has formulated an organizational plan knows that the decades-old golden triangle (people, process and technology) takes some balancing. This has become increasingly difficult in most industries, with data adding enough pressure to turn that triangle into a diamond. In cybersecurity, however, data has led the conversation for several years – it’s people who are still overlooked.
The cyber industry is grappling with continual transformation, from the early days of implementing technology to block viruses to the struggle of applying process and data to threat identification. Right now, it’s clear that maximizing the effectiveness of human capability is front and center in staying resilient in the face of adversaries.
So how can an industry biased towards technology since its origins shift the balance to its prize resource, human intelligence?
Cybersecurity is about protecting your house through process, technology and data. But to keep the house secure, its inhabitants must be well equipped and battle ready. Cyberthreats are now more advanced than ever, with mainstream hacker groups utilizing the kinds of cultivated tactics once only available to nation-states. Quickfire changes in technology, such as those we’re seeing with the Internet of Things (IoT) and cloud operations, are broadening attack surfaces, yet people, the ultimate defense, are playing second fiddle.
"The problem is that many organizations build their cybersecurity practices backwards: the focus is on technology and quick wins instead of measuring human readiness"
What is Upskilling?
Upskilling employees is paramount for businesses, whether it’s awareness at the basic level or ensuring specialists are on top of emerging threats. A holistic approach to cybersecurity, where a people-first culture is grown from the bottom up, is crucial in an age where one third of companies report cyber breaches each year.
The traditional approach for enterprises, where money is hurled at firewalls while new employees are handed a written security policy, must end. It is never game over when it comes to human readiness. Your employees must evolve at the same pace as innovative attackers who operate outside the law, especially when the most common point of entry is regular employees with limited cyber awareness.
The problem is that many organizations build their cybersecurity practices backwards: the focus is on technology and quick wins instead of measuring human readiness, and processes revolve around the capabilities of resource-intensive products. Technology is only as good as the human configuring it, so arming your people with the tools to evolve will protect your organization more than fancy software alone. A cybersecurity practice must begin with people and processes but be supported by technology.
Battle Tests, Ranges, and Evidencing Your Workforce's Preparedness
At Immersive Labs, we deliver challenge-based cybersecurity content developed by experts and powered by the latest threat intelligence. Our unique approach enables businesses to battle-test and evidence their workforce’s preparedness to face emerging cyber threats, moving you beyond generic training courses to interactive skills content that’s relevant to the risks you face. And best of all, it’s available entirely through the browser, so your people can up their game anywhere, anytime. To see why so many global enterprises are placing their trust in Immersive Labs, book a demo today.
7 September 2020
Latest Blog posts
An investment into the cyber skilled workforce of the future
11 June 2021
Patch Newsday – 8 June 2021
9 June 2021
Frustrations of an AppSec Engineer Part 2: Lost in Translation
21 May 2021
Welcome to the DarkSide: where IT and OT Collide
20 May 2021
Frustrations of an AppSec Engineer Part 1: Collaboration, Collaboration, Collaboration
13 May 2021
It makes you WannaCry: Anti-Ransomware Day 2021
12 May 2021