Why Your CISO Needs Support to Protect Your Business
Written by: Marla Ovenden-Cooper
The world is evolving and things are changing quickly. The way we work has changed due to the pandemic since so many of us are living it and we have been doing so for over a year. It is not just the way we work that has changed though. The way that hackers and bad actors work has also changed. Just like many businesses made successful pivots, so too did many hackers. The vast transition into working from home and reliance on the cloud has resulted in the perfect storm for these bad actors. We will not know the full impact of the shift in the way we work as a result of the pandemic for a while yet, however initial statistics are alarming. According to RiskBased, data breaches exposed 36 billion records in the first half of 2020 alone.
Key Considerations
The rise in cyber incidents is an obvious concern from a business standpoint. The potential costs associated with dealing with a breach are rising. IBM estimates that the average cost of a data breach is $3.86 million as of 2020. Of course, there is also the concern for brand management. How will you deliver the message to your clients that there has been a breach? How will you maintain the trust of others who are part of your supply chain and those you regularly do business with? Both are very valid concerns. However, one of the most important considerations should be how your security team is being affected. After all, these are the individuals and teams who will help you prevent future breaches and incident responses. IT security professionals across all spectrums of business are burning out at an astounding rate. The Second Annual Study on the Economics of Security Operations Centers report from Ponemon Institute shows that SOC workers are overworked. Security Analysts are overwhelmed with workloads and the requirement of being on call, “with 75% saying that these factors cause burnout.” Compounding the situation is the fact that the turnover rate of Security Analysts is too high and there is an ongoing skill gap.
Practical Solutions for Your Business
So, what is the solution? Listening to CISO’s who have long been saying that they need more funding for training, for new security software and for upskilling employees from other departments is a great starting point. Security teams need to have enough members to be able to put plans into action when an incident has occurred. There has already been an identifiable skill gap in security departments for years and senior-level positions sit unfilled for months, which are often outsourced to recruiting companies to try and fill. The lack of qualified employees results in security weaknesses and vulnerabilities for the business. Now is the time to consider how you can establish a training system to help your employees move up the IT ladder and fill these key roles. Cybersecurity courses and certification training is also key for those who are already in security roles. With the industry landscape changing on a monthly or even weekly basis, ensuring that they have the opportunity to upskill to be successful will reduce stress and burnout. Training has been shown to impact retention and productivity. TechnoEdge Learning provides valuable IT training and versatile CompTIA prep courses for a+ certification, security+ certification, network+ certification and cysa+ certification training.
Ensuring Longevity and Success
Did you know that 84% of CompTIA certified employees indicate that they stay with their employer after getting certified? Training does so much more than provide the technical skills that are learned during this time. It shows employees that you care about them, their development in their roles and that you want them to succeed. Sure, there are short-term costs associated with training and developing a succession plan, but the benefits are an investment that cannot be ignored.
Read our other blog: The Evolution of Cybersecurity: Part 1