3 Considerations For Cybersecurity Leaders In 2023

Building a cyber-smart organization; empowering employees for cybersecurity vigilance

Significant data breaches sharply rose in 2021 - 68% - from the previous year. With an average cost of $4.35 million each, it is clear why organizations are investing in the teams that keep their network infrastructure and data resources safe. 

More than 1.1 million U.S. workers are employed in cybersecurity roles - yet, according to Cyberseek, there are an additional 769,000 roles unfilled. Simply said, the demand for cybersecurity expertise far exceeds the supply of qualified candidates. 

Faced with a need to fill roles central to keeping the company’s network up and running safely and securely, cybersecurity managers are increasingly exploring creative, new options for finding people ready, willing and (potentially) able to fill these roles. However, filling open roles is not the only talent issue cybersecurity teams face. Managers also must ensure the incumbent workforce – both in cybersecurity departments and across the organization – has the right skills and knowledge to defend against increasingly sophisticated attacks.

Here are three ways to help ease the cybersecurity talent and skills crunch.

Cast a Wider Net 

One solution that more and more organizations are considering is to broaden the talent pool to those candidates with adjacent experience or who are looking to change careers. This might mean loosening degree requirements for certain roles and moving to a skills-based hiring approach. Unconventional hires can bring diversity and unique perspectives to a team, which can drive new, innovative solutions to existing issues. Similarly, opening the search to existing employees in other departments can be a source of new hires as well.

Hiring an unconventional or lateral candidate requires an investment in training beyond normal onboarding. Ideally, these hires will have taken the initiative to pursue self-guided training, earned an industry certification or other action to begin their transition into a new field. Some companies are building their own talent pool, recruiting high school graduates through hackathons, boot camps and apprenticeships. 

Apprenticeships, in particular, have been a growing pathway to help employers close talent gaps in areas like technology that previously have not offered many apprenticeship options. Similarly, some organizations are investing time and resources to build partnerships and collaborate with local colleges or universities to lay a foundation - through coursework, internships, and other activities - for successful onboarding after graduation. These activities are then supplemented with formal internal and external learning and development programs that aim to improve team competencies and employee skillsets. 

Continuous Learning  

Much of the industry discussion of artificial intelligence (AI) and machine learning centers on how these technologies can amplify the work of cybersecurity teams. There has been, however, less discussion of what happens when bad actors use AI to crack into a network infrastructure. From deep fake phishing schemes to spam campaigns that learn how to sneak past filters to reconnaissance activity, hackers – and even those with little knowledge of hacking but enough ill intent – are increasingly leveraging AI to break into corporate information technology (IT) systems.  

Staying ahead of these network attack agents means corporate cybersecurity professionals need to learn faster than AI and stay on top of the latest developments. Because the AI-driven threat landscape is constantly evolving, it takes more than attending a conference or two to keep abreast of current threats. Increasingly, employers pay for cybersecurity employees to pursue continuing education coursework and upskilling that ensures they are aware of the latest threats, while also allowing these employees to continue to grow and develop in their roles. 

While there currently is no industry-wide requirement for ongoing education for those who work in cybersecurity, there has been talk that this profession should join others, including education, healthcare, law, and construction that have a continuing education requirement to maintain certifications. 

Empower the Organization 

What is more effective than a small team of on-staff cybersecurity professionals is an entire organization that is vigilant and educated about staying cyber safe. Ongoing cyber security awareness education needs to extend throughout the whole organization. No matter how diligent and alert the cybersecurity team is, the odds are that every network will experience some sort of breach at some point. According to the IBM Security Cost of a Data Breach Report for 2022, 83% of the organizations that experienced a data breach in the 12 months ending in March 2022 had experienced at least one previous breach. 

The fact is every employee, business partner and customer who accesses an organization’s network is fighting on the front lines against a network intrusion on a daily basis. Mandating annual cybersecurity awareness training for all employees should be supplemented with requirements to regularly change passwords and download software patches and updates for basic cyber hygiene. And the results can be truly eye-opening. For example, most companies have an average phishing rate of about 30%, meaning about a third of their workforce could be at risk of clicking on a phishing email. However, employee awareness education and immersive training programs such as realistic phishing simulations can drop rates to as low as 1%. 

Ensuring the security of an organization’s network infrastructure amid a significant shortage of cybersecurity talent means everyone from the IT professionals who guard the network on a daily basis to the contract employee working on a laptop remotely - needs to be committed to remaining vigilant. Ongoing education for all employees within the organization is a key strategy to ensure everyone remains cyber-smart. 

Jim Chilton currently serves as Cengage Group Chief Technology Officer (CTO). Jim strives to drive innovation throughout the company and create alignment across leadership to understand, shape and deliver what is needed from the Group Technology organization.