Do not index
Do not index
Summary: For SMBs to improve their cybersecurity posture, the people aspect must be given due attention. As the majority of businesses lack the in-house skills to combat attacks, this article details the needs and benefits of security training programs. It also provides guidance on how to go about consuming such training to derive maximum benefit and highlights some of the major considerations while selecting a security program. It also explores the value add of a marketplace for such programs to SMBs.
As cyber threats are on the rise and it’s costing businesses more to recover from an attack, it has become vital for businesses to enhance their cyber posture which rests on three pillars, namely technology, process and people. Looking deeper into the people aspect, surprisingly 61 per cent of businesses admit that they don’t have the in-house skill to properly deal with security issues and only a mere 23 per cent of decision-makers are sure that their business can defend itself from an attack.
Adding to this, it has become increasingly difficult for businesses to hire the right security talent. Last year, 45 per cent of businesses admitted that finding the right security talent was very challenging and 34 per cent said it was extremely challenging.
Deducing on the above information, suspicion might be raised regarding the quality of security professionals present in the cybersecurity ecosystem. Unless these professionals are trained on domain knowledge combined with practical skills, businesses are trapped in their current state of vulnerability.
Further, it is estimated that businesses can save a huge amount of money through better people management, as almost 90 per cent of all incidents are affected by human oversight or behaviour. Addressing the issue could be as simple as conducting effective training for employees.
Introducing: Security Awareness Program
Security awareness training is an approach used by IT and security professionals to counteract and mitigate user risk and is designed to help employees recognize the role they play in helping combat cyber-attacks. They also aid in employee understanding of proper cyber hygiene, the security risks associated with their actions and identify cyber-attacks they may encounter via email, web, etc.
Given today’s cyber threat environment, below are 6 reasons why security training is an absolute necessity:
Additionally, the benefits of security training are:
1. Ability to avoid/detect threats
2. Cyber resilient workspace
3. Incorporation of compliance training such as HIPAA, PDPA, GDPR, etc.
4. Enhance security knowledge and skills
A survey found that employees with training often exhibit better security behaviour. It highlights that 88 per cent of employees with training use a password against 79 per cent of employees without training and 48 per cent with training use encryption against 28 per cent without training.
Relevance to SMBs
As cybersecurity becomes increasingly crucial, SMBs need to focus on the people aspect of security posture as well. Training and development of employees, when done correctly, always provides a considerable return on investment. The below figure summarizes why security training is relevant to SMBs:
Product Usage
As your employees form the initial line of defence against cyber-attacks, it is essential for them to be aware of various threats and possess knowledge on how to be proactive to curb such attacks. Below is a step-by-step process of how SMBs typically consume security training programs:
Procurement / Installation and Deployment
Generally, business training programs can be classified into two delivery types:
1. Offline: Includes seminars/workshops
2. Online: Web-accessible training modules
Irrespective of the delivery type, SMBs should always make sure the program aligns with business needs and the credibility of the trainer/certification. Furthermore, it would be immensely beneficial to have these resources available on demand (so that trainees can revert to the material over time). Training modules must also include interactive hands-on modules and simulations. Some examples of such simulations include phishing emails, breach attack simulations (BAS), social engineering, etc.
An illustration of a real-world simulation would be GoDaddy sending out phishing emails to 7000+ employees. The email sent offered a Christmas bonus of $650 and asked employees to fill out a document with personal details. Approx. 500 people failed the phishing simulation. This furthers the argument for educating employees on various threats.
How can a marketplace help?
E-learning has become more popular recently, with over 80 per cent of businesses including various online modules as part of their training and development. SMBs tend to face difficulties while choosing security programs attributed to a lack of domain-specific knowledge, time and resources. A curation of various programs along with key features, details of both theoretical and practical inclusions and pricing could save a lot of time and effort.
Moreover, marketplaces (like Ofofo) focus on the quality of training programs by including ratings and reviews from users. It also enables extreme trust and confidence by meticulously vetting each program and conducting exhaustive due diligence on providers.
Conclusion
SMBs must consider security training programs for their employees. These programs have shown great results in reducing risks and improving security posture. They also include benefits such as providing a security resilient workspace and compliance with various regulations. While these training programs are numerous, a marketplace can help SMBs choose the right one with complete trust and confidence.
Written by
.png&optimizer=image)