The Institute of Information Security Professionals (IISP) has called on UK companies to provide more cyber-security training for their staff in order to prevent them falling victim to the ever-increasing threats posed by hackers and cyber-attacks. However, it has also voiced a word of caution about the quality of that training.
The cautionary note relates to concerns that the IISP has about inexperienced or narrowly focused training providers jumping on the bandwagon in the light of the spate of recent high-profile attacks. The worry is that some of the cyber-security courses on offer may not provide the level of skills that businesses require to prevent and deal with such attacks, thus giving them a misplaced sense of confidence.
And the IISP is certainly well placed to make such points, being a not-for-profit organisation with over 2,800 individual members across both the private and government sectors that is dedicated to raising the standard of professionalism in information security. It does this by sharing best practice and providing a network of support and guidance on skills development.
Amanda Finch, general manager at the IISP, said: “After the WannaCry and Petya ransomware attacks, the need for organisations to improve their cyber-security strategies has become abundantly clear and demand for cyber-security training has continued to grow.
“While the move by companies to be more proactive in educating their practitioners and staff about cyber-security is certainly very positive, the risk is that overwrought teams will invest in training that provides only high-level or regurgitated content, which isn’t adequate and fails to reflect the evolving threat landscape, new technologies and significant changes in cyber-skill profiles and challenges.”
And the need for quality training was further emphasised by the results of the IISP’s second annual survey, which found that over 80% of security professionals identify ‘people’ as the industry’s biggest challenge compared to technology and processes.
While people have long been seen as the weakest link in IT security through lack of risk awareness and good security practice, the people problem also includes the skills shortage at a technical level as well as the risk from senior business stakeholders making poor critical decisions around strategy and budgets.
Whether it’s general cybersecurity awareness, secure network design and implementation, continuous monitoring, network forensics and analysis, or smart and effective incident response training, we can prepare you and your team to battle the latest cyber threats and attacks.