Page 52 - Cyber Defense eMagazine July 2024
Train General Employees Similarly to Cyber Teams
Despite the need for cybersecurity talent, the global shortage of nearly four million cyber professionals
makes hiring difficult. This shortage places pressure on understaffed teams, forcing them to do more with
less and consequently increasing burnout. Short of getting lucky and landing a skilled worker, businesses
cannot magically solve the talent shortage through hiring alone. However, companies can bolster the
security competency of their general employees to take a load off the shoulders of overworked
cybersecurity teams.
General employees don't receive sufficient training. The typical security awareness training is little more
than watching videos and completing simple comprehension quizzes. It should come as no surprise
that human error accounts for 95% of cybersecurity issues. Instead, businesses should give everyone
else the same training methods cybersecurity teams use: namely, interactive simulations and
life-like rehearsals.
Spontaneous security simulations, such as mock phishing emails, will allow companies to understand
their workforce’s security fitness and offer tailored training to those departments that performed poorly.
Plus, by using role-relevant training mockups, organizations can arm their people with the proper protocol
for real incidents, reducing anxiety and instilling confidence.
Avoid Complexity, Design with People in Mind
Training is invaluable to strengthening a company’s security posture. But if security processes are too
complex or cumbersome, no amount of training will encourage people to spend
precious minutes trying to resolve an issue. For example, while employees may know not to click on a
suspicious link, they don’t want to spend time confirming that the link is unsafe. Most likely, they do
not know how to verify that a link is dangerous beyond their gut instinct.
Organizations must design security processes to incorporate principles of secure-by-design and human-
centered design. The former approach places security as a core business goal rather than as some
technical feature. The latter approach places people at the heart of the solution – more specifically, the
designers are empathic toward the people they are trying to help. When dealing with shady links, for
example, the security team and designers must create a user-friendly link verification solution that is not
complicated but quick and easy to use, ensuring employees will perceive its value and be encouraged to
use it to benefit the entire organization.
Interestingly, this trend toward human-focused security solutions continues to gain traction. Gartner
predicts that by 2027, 30% of cybersecurity functions will redesign application security to be consumed
directly by non-cyber experts and owned by application owners.
Implement a Zero-Trust Model
When businesses think about cybersecurity, they might imagine a castle with high walls and a deep moat.
They build their fortress to repel outside attackers, often forgetting the threats lurking inside the walls.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.