SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Expert says effective IT security starts with effective training
Tue, 7th Nov 2017

Tony Glass, GM - VP EMEA at Skillsoft, discusses why effective training holds the key to robust IT security in an increasingly challenging business environment

With the business world embracing mobile applications, cloud computing and other high-value innovations at an ever-growing rate, the number of new security vulnerabilities has also risen rapidly. Now more than ever, uninformed, careless, or disgruntled employees can quickly create profound security problems for an organisation of any size.

While the brunt of this threat has historically been dealt with by in-house IT security teams, the growing shortage of skilled security experts across the IT industry has led many organisations to look for other ways to tighten up security operations.

A challenging security landscape

Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for the entire IT ecosystem, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user, can have far-reaching consequences. Never before have IT security experts been in such high demand, and therein lies a major problem: there simply aren't enough to go around.

For years, corporate organisations viewed IT departments as cost centres, steadily outsourcing as many IT functions as they could. As a result, the IT industry shed thousands of jobs and large amounts of brain power. Fast forward to the present and the same organisations are now realising their IT services and functions can be a rich source of differentiation, innovation, and competitive advantage: the exact areas that outsourced IT resources have trouble addressing and improving.

Now they are once again scrambling to hire talented IT personnel. Unfortunately, the actions of the past mean that current demand far outstrips supply. Nowhere is this more apparent than in cybersecurity, where freelancers and contractors are commanding hundreds of pounds per hour for their services.

Increase security from within through effective training

In the face of this critical skills shortage, many organisations have decided to take their existing team's security skills to higher levels through training.

Comprehensive training and certifications can significantly reduce risks by helping employees stay on top of the changing IT security landscape while validating their skills and knowledge. Furthermore, many employees view training as a reward or perk, making it a valuable tool for recruitment and retention.

Effective use of training not only helps to avoid the time, costs, and headaches of replacing scarce resources; it also helps maintain the subtleties and nuances of IT security within a specific organisation, providing both continuity and consistency.

What does an effective training programme look like?

While the training needs of every organisation are different, a number of key elements should always be considered when looking for an effective programme:

  • Expert-led instruction: Authenticity and credibility matter, especially with critical topics like IT security. Trainees want to hear from engaging subject-matter experts, not paid actors or professional voiceover talent.
  • On-demand video: While many Baby Boomers prefer book-based learning, it's a different story for later generations. For a growing number of IT workers, video is the most requested learning mode.
  • Hands-on learning: Trainees often report that they value the content of videos, classes, and books, but they want to put those lessons to work with practical application. Hands-on learning creates excellent retention and is a learning style that has particular appeal to IT professionals.
  • Brevity: No matter the content or modality, there's one thing virtually all trainees agree on: digestible brevity, meaning short, targeted lessons that align with their goals and their current (often urgent) needs. Even if a complex topic requires several hours to learn, most prefer to consume the training in short bite-sized portions that can fit around busy schedules.
  • Accessibility: Make the resources easy to access and search. Content must be available on any device (desktop, laptop, smartphone, or tablet) and at any time or location.
  • Frequency: The IT domain – and security, in particular – is a discipline that requires a commitment to continuous learning. With the issues, innovations, threats, and underlying technologies all in a constant state of change, organisations must dedicate the time and resources to keeping all key employees abreast of new developments as and when they arise.

Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there is a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within.

From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.