Product Specials — Episode 3: Cybersecurity Training Programs
Summary: For SMBs to improve their cybersecurity posture, the people aspect must be given due attention. As the majority of businesses lack the in-house skills to combat attacks, this article details the needs and benefits of security training programs. It also provides guidance on how to go about consuming such training to derive maximum benefit and highlights some of the major considerations while selecting a security program. It also explores the value add of a marketplace for such programs to SMBs.
The above information might raise doubts about the quality of security professionals present in the cybersecurity ecosystem. Unless these professionals are trained on domain knowledge combined with practical skills, businesses are trapped in their current state of vulnerability.
Security awareness training is an approach used by IT and security professionals to counteract and mitigate user risk. It is designed to help employees recognize the role they play in helping combat cyber-attacks. It also helps employees understand proper cyber hygiene and the security risks associated with their actions, and identify cyber-attacks they may encounter via email, web, etc.
Additionally, the benefits of security training are:
1. Ability to avoid/detect threats
2. Cyber resilient workspace
3. Incorporation of compliance training such as HIPAA, PDPA, GDPR, etc.
4. Enhanced security knowledge and skills
A survey found that employees with training often exhibit better security behaviour. It highlights that 88 per cent of employees with training use a password against 79 per cent of employees without training and 48 per cent with training use encryption against 28 per cent without training.
Relevance to SMBs
As cybersecurity becomes increasingly crucial, SMBs need to focus on the people aspect of security posture as well. Training and development of employees, when done correctly, always provides a considerable return on investment. The below figure summarizes why security training is relevant to SMBs:
As your employees form the initial line of defence against cyber-attacks, it is essential for them to be aware of various threats and possess knowledge on how to be proactive to curb such attacks. Below is a step-by-step process of how SMBs typically consume security training programs:
Procurement / Installation and Deployment
Generally, business training programs can be classified into two delivery types:
1. Offline: Includes seminars/workshops
2. Online: Web-accessible training modules
Irrespective of the delivery type, SMBs should always make sure the program aligns with business needs and check the credibility of the trainer/certification. Furthermore, it would be immensely beneficial to have these resources available on demand (so that trainees can return to the material over time). Training modules must also include interactive hands-on modules and simulations. Some examples of such simulations include phishing emails, breach attack simulations (BAS), social engineering, etc.
An illustration of a real-world simulation would be GoDaddy sending out phishing emails to 7000+ employees. The email offered a Christmas bonus of $650 and asked employees to fill out a document with personal details. Approximately 500 people failed the phishing simulation. This furthers the argument for educating employees on various threats.
How can a marketplace help?
E-learning has become more popular recently, with over 80 per cent of businesses including various online modules as part of their training and development. SMBs tend to face difficulties when choosing security programs, owing to a lack of domain-specific knowledge, time and resources. A curation of various programs along with key features, details of both theoretical and practical inclusions and pricing could save a lot of time and effort.
Moreover, marketplaces (like Ofofo) focus on the quality of training programs by including ratings and reviews from users. They also enable extreme trust and confidence by meticulously vetting each program and conducting exhaustive due diligence on providers.
SMBs must consider security training programs for their employees. These programs have shown great results in reducing risks and improving security posture. They also include benefits such as providing a security resilient workspace and compliance with various regulations. While these training programs are numerous, a marketplace can help SMBs choose the right one with complete trust and confidence.