3 WAYS YOUR ORGANISATION CAN UPSKILL TO ENSURE CYBER RESILIENCE
How Upskilling Will Help Your Organisation Meet Its Cybersecurity Challenges
By Tony Vizza, CISSP, CCSP
Director of Cyber Security Advocacy, Asia-Pacific, (ISC)2
In September, the Australian Cyber Security Centre (ACSC) published its Annual Cyber Threat Report for the 2019-20 financial year. The report showed that over 59,000 cybercrime reports were made to government, with over 2,200 incidents requiring ACSC assistance.
This report adds to the body of evidence showing that cyber-crime continues to grow all across the world, with cyber-crime now the number one category of crime reported in countries such as the United Kingdom.
The Annual Cyber Threat Report also showed an alarming new development: in April of 2020, incidents spiked considerably. According to the ACSC, this spike was caused by pandemic-themed cybercrime. Most of these incidents were caused by malicious emails, compromised systems or brute force attacks. The situation became so dire that in June of 2020, the Prime Minister, Scott Morrison, publicly announced the threat of cyber-attacks and unveiled a range of measures and spending to help address cyber risk to Australian individuals, organisations and government.
Most organisations in Australia and around the world are grappling with the issue of cyber resilience. Of course, it is critical to remember that the foundations of any strategy rest on three broad pillars (people, process and technology), with people remaining the most important aspect. Cognizant of this, the best way to deal with cyber risk is to upskill your organisation's staff to deal with cyber issues.
In this article, we consider the three ways that organisations can upskill their staff to attain cyber resilience.
1. CYBER SECURITY AWARENESS TRAINING FOR ALL STAFF
Information technology resources are used by all members of staff. It is critical that all staff have access to high quality, engaging and relevant cyber security awareness training. Training should be tailored for different job titles and seniority levels. Providers of cyber awareness training include Axelos Resilia and KnowBe4 just to name a few.
Given the rapid shift to working remotely, organisations will benefit by ensuring that family members of staff, including children, are also supported in cyber awareness training. Good resources to assist include the Centre for Cyber Safety and Education (www.iamcybersafe.org) and the Australian Government's E-Safety Commissioner (www.esafety.gov.au).
2. CYBER SECURITY TRAINING AND ACCREDITATION FOR IT STAFF
Most organisations will employ one or a number of IT staff to manage IT resources. More often than not, these IT staff will also be tasked with cyber security functions. It is crucial for organisations to recognise that IT and cybersecurity are entirely different realms. An IT professional is not necessarily a cyber security professional unless they have trained and become certified in cybersecurity.
Organisations that understand this concept proactively support their IT staff to upskill in cybersecurity. The most common way of achieving this is by attaining a valid industry certification such as the Systems Security Certified Professional (SSCP) certification, which is an AS / NZS 17024 accredited certification and recognised under the Australian Government's Cyber Skills Framework. The SSCP certification is a fantastic add-on for systems and network professionals to ensure that their IT work is also performed with cyber security best practices in mind.
3. CYBER SECURITY CERTIFICATION FOR CYBER-DEDICATED PROFESSIONALS
An increasing number of organisations will employ professionals dedicated purely to cyber security. These women and men are tasked with ensuring that an organisation's cyber security posture and resilience can meet the elevated threat environment. Organisations should ensure that these professionals are duly accredited both in industry-recognised certifications that require continuing professional education, such as the Certified Information Systems Security Professional (CISSP), and in vendor-based accreditation, depending on which IT and security vendors are being used.
In addition, organisations should consider upskilling their cybersecurity staff in areas that are growing rapidly or are showing increased vulnerabilities. An example of this is cloud security, illustrated by the exponential rise in cloud deployments being breached by cyber criminals. As a result, organisations are now funding training for their cyber teams to become Certified Cloud Security Professional (CCSP) certified in order to help meet this new challenge. Another example is the software and app development space, where software vulnerabilities continue to be a major cause of cyber breach. This has given rise to the adoption of the Certified Secure Software Lifecycle Professional (CSSLP) certification to ensure that development teams adopt secure coding practices.
In conclusion
A major aspect of any organisation's cyber security resilience will always remain its people. Ensuring through upskilling that staff are adequately trained, skilled and certified in cyber security concepts relevant to their organisations will help ensure that your organisation has the appropriate processes as well as the right technology in place. Most crucially, it will help your organisation avoid becoming another statistic and another data breach headline.
About the Author: Tony Vizza
Tony Vizza is the Director for Cyber Security Advocacy at (ISC)². (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. www.isc2.org. Tony is also a Board member and director of the Australian Information Security Association (AISA) and Cyber Security Ambassador with NSW Government’s Cyber Security Network Node.