Cyber and ransomware threats are growing at a rapid rate, critically endangering organizations’ sensitive data. In 2023, the global average cost of a data breach reached USD 4.45 million, a 15% increase over 3 years — predicted to reach $9.5 trillion USD in 2024. What’s more, organizations are now facing highly intelligent, AI-powered threats – including advanced phishing attacks, deep fakes, and fraudulent phone calls — that are increasingly challenging to identify and respond to. Just recently, the FBI warned of hackers burrowing deep into U.S. cyberinfrastructure — with the intention to cause damage to our nation’s electrical grid, transportation systems, and other critical infrastructure. Clearly, AI-powered threats are now reaching critical levels, and organizations across all sectors must respond.
Amid this growing threat, organizations also continue to face challenges with bridging the cybersecurity skills gap — from security analysts to IT professionals — with 71% of organizations reporting that the cybersecurity skills shortage has impacted them. This gap can be caused by not giving cybersecurity teams enough opportunities to learn and grow within the organization — and as a result, failing to retain talent in the long run. As the threat landscape becomes more complex, and AI technology continues to advance in lockstep, companies must act now to ensure their security and IT teams are prepared for this ongoing shift. With this, providing upskilling opportunities and education about the organization and its business becomes ever more critical in assessing and adapting to new threats. Below are three tips organizations should keep in mind, to confirm that their security and IT workforce is prepared to face evolving threats.
Upgrade upskilling initiatives
Organizations must provide constant upskilling initiatives surrounding artificial intelligence (AI) and machine learning technologies company-wide to ensure that no employee falls behind as AI continues to take hold. Using and understanding AI tools are now essential skills, especially as bad actors also continue to leverage AI to carry out advanced attacks. Companies must provide security and IT personnel with comprehensive, ongoing training to not only understand how to use these tools to streamline productivity, but also how hackers can leverage the tech to cause damage.
As AI technology evolves rapidly, training must be provided on a very regular basis. Cybersecurity professionals must be aware of how AI tools should be used (and shouldn’t), how to leverage them responsibly and how they collect and store data. Today, one-size-fits-all training modules will no longer suffice — upskilling must be interactive and personalized to truly inform security professionals. Training can be made even more engaging through gamification and fitting in modules alongside work. As AI threats are extremely complex, providing tailored education is a must to equip security and IT personnel for success.
Promote relevant certifications and industry organizations
Security and IT leaders should be encouraged to gain relevant certifications and join industry organizations — including the Information Systems Security Association (ISSA), Cloud Security Alliance (CSA) and the Information Systems Audit and Control Association (ISACA), for example. These organizations give employees the forum to openly discuss and learn more about emerging technologies and industry trends outside of the workplace.
Certifications — through programs including CIPP, JD, and CISSP for example — provide critical skills that can be valuable in detecting and preventing new threats. Encouraging cybersecurity professionals to join relevant organizations and gain new certifications directly enhances the organization’s overall security posture and offers professionals an advanced and diversified knowledge of the threat landscape. Failing to invest in your employees by encouraging certifications they can take pride in is the shortest route to losing your best talent.
Shift workflows for security leaders
Organizations looking to upskill their cybersecurity professionals should consider adjusting and reorganizing key workflows to give the entire security team — aside from just the CISO — ample time to research emerging threats and remain up to date on what the ramifications of these threats may be. By automating repetitive tasks for these team members or restructuring key processes and timelines, the entire team, from CISO to analyst, can have more time to dedicate towards staying ahead of industry trends and cyber-attacks, ultimately strengthening the organization’s ability to detect and respond to threats in the long run. Giving employees time and space to be curious and explore the latest threat intelligence, commentary and insight — including topic-based tabletop exercises or red teaming — will yield significant dividends in understanding the organization's true security posture and preparedness.
In today’s cybersecurity landscape, companies must strive to be a learning-forward organization. Tangible adoption of this principle must go beyond formal skills and training — every encounter your teams have with a threat or an attack is a learning opportunity. In the midst of an incident, team members should be encouraged to apply their skills and expertise without the fear of post-incident blame, which only limits response and hinders loyalty. This cycle ensures the team is better equipped to apply their skills and decision-making if an incident occurs, minimizing disruption and harm to the organization and its customers.
Providing security and IT teams with a full spectrum of tools, opportunities and industry knowledge needed to succeed is now critical — to not only help advance their career and knowledge as cybersecurity professionals but to bolster the entire organization’s security posture. A more informed security team will be better equipped to quickly and independently identify new threats and spot vulnerabilities. As AI threats evolve faster than we can keep up, organizations must provide the upskilling initiatives and educational opportunities to power success for their security and IT teams in 2024 — or risk falling prey to data breaches or cyber-attacks.