Respond As A Whole With Organization-Wide Cyber Skills
By James Hadley, CEO
Cyber risk is more pervasive than ever. As crippling attacks become commonplace, cyber skills can no longer be confined to the security team alone. They're now the concern of departments across the entire organization.
The Colonial Pipeline hack shows why it's so vital that cyber knowledge, skills and capabilities extend beyond the technical teams. A range of non-technical stakeholders at Colonial, from PR to senior strategy makers, had to mobilize to communicate with the public, decide to shut down the pipeline, and work towards a resolution. It was a huge cross-departmental effort.
This is neither the first nor the last example of an all-encompassing cyberattack, which is why I cannot stress enough how important it is that business leaders are able to analyze and optimize the cyber skills of their entire workforce, not just their security staff.
The importance of understanding skill levels
It all starts with understanding a baseline of capabilities. Skills development is an inexact science, but those at the top must be able to visualize the strengths and weaknesses of their people to ensure their organization is prepared. Otherwise, they're operating blind.
Organizations also need to be able to continuously benchmark people's capabilities and experience. Today's threat landscape is evolving at a rapid pace; cyber capabilities must mirror that. CISOs should therefore gather data on everyone's cyber skills from the CEO down. Only by continually evaluating teams against real-life risks can CISOs understand the effectiveness of their crisis response.
Humans are key to protecting your organization
Too often, people are seen as a risk. We must change this mindset. Instead, security leaders need to see their entire workforce as one of their most valuable defensive assets. Employees of all roles have different non-technical skills that can be used in cyber defense, including "softer" skillsets like critical thinking, problem solving, and effective communication. Non-technical teammates used to be viewed as a liability when, in fact, they may be your biggest untapped asset.
One of the most effective ways to unlock your workforce's cyber potential is to enable them to regularly exercise their skills. This prevents skills decay and builds cognitive agility. That agility is the byproduct of a continual cycle of learning, so a higher cadence of exercising is vital.
Tap talent internally before looking externally
Most organizations already have the talent to keep themselves safe. Every employee can be a defensive asset; they just need to be equipped with the right skills and empowered to learn. Protecting your organization from cyber threats starts with understanding your employees' capabilities. Once you have this, you can offer the right training to keep those capabilities sharp and in line with the threat landscape.
Rather than rushing to hire new security professionals with out-of-date certifications, turn to your own people first. As we look to the future, it will be critical for business leaders to be able to understand, measure and optimize the workforce they already have to fend off the threats of tomorrow.