Cybersecurity training trends reflect the urgent need for organizations of all sizes to harden their infrastructure against increasing external and internal attacks.
In 2020, some 37 billion records were compromised in nearly 4,000 reported data breaches, according to RiskBased Security’s 2020 Year End Data Breach QuickView Report.
Organizations that fail to invest in cybersecurity training are leaving their networks more vulnerable.
Cybersecurity training today
The average cost of a data breach in 2020 was $4.24 million, according to the Ponemon Institute and IBM Security in their Cost of a Data Breach Report 2021 — a 17-year high over the history of the report. Most incidents occurred in the U.S. By the time networks are breached, the damage is done; cybersecurity training can increase an organization’s ability to head attacks off at the pass.
These five cybersecurity training trends show how enterprises are safeguarding their networks partly through comprehensive employee training:
5 trends in cybersecurity training
1. Cybersecurity training will include a wider scope
Cybersecurity training has changed in several ways over the past several years. Perhaps the starkest difference is that today, more and more organizations are widening the scope of training to include employees outside SecOps and IT teams. Virtually every employee at most organizations uses network resources to some degree, so it pays to invest in training for every employee that covers basic cybersecurity protocols on issues like authentication and access.
We’ll also see a wider scope in terms of training on multiple devices and systems. No longer do organizations utilize single-system approaches. Today, workers connect from outside the office across mobile devices and laptops, and they typically interact with several disparate systems throughout their workdays. Cybersecurity training will widen to include every conceivable network connection.
2. Security awareness will become a primary focus for cybersecurity training
According to the 2021 Cyberthreat Defense Report conducted by CyberEdge Group, low security awareness among employees is the “top barrier for organizations establishing effective defenses.” In other words, untrained employees are putting organizations at risk in the course of their workdays, often completely unbeknownst to them.
Basic security awareness has been focused on a narrow range of tools available to most or all employees — using secure passwords for email and user accounts, for example, or rules around access management. Non-technical employees today typically don’t know much about preventing cyber threats beyond these kinds of basic security measures.
One of the most effective ways organizations are furthering security awareness goals is through comprehensive education about cybercriminal tactics, like phishing. In 2020, 241,342 victims reported phishing to the FBI, according to the research firm IC3. Phishing tactics have become more sophisticated and are more often aimed directly at C-level targets, where the rewards tend to be greatest.
We’re sure to see more companies contracting with service providers that can perform phishing tests on their employees by email and phone. These services report back to companies to tell them how their employees fared when confronted with common phishing tactics, like promotional emails or phone calls where the caller impersonates a company higher-up.
3. Cybersecurity training will focus more on AI-enhanced cybersecurity platforms
Of the hundreds of thousands of data breaches that occurred in 2021, 85% were due to the “human element,” according to the 2021 Data Breach Investigations Report conducted by Verizon. A full 43% of employees indicated they were “very” or “pretty” certain they have made mistakes at work with security repercussions. It’s no wonder organizations are bringing on more artificial intelligence (AI) solutions, including AI-enhanced cybersecurity.
Cybersecurity training will include learning about how to use AI tools to the best organizational advantage. This approach will not only increase overall network security but will also help organizations get more from their hefty investments in these solutions.
4. Cybersecurity certifications for employees will become more common
An increasing number of cybersecurity professionals are becoming certified in various specialties, including those whose employers are footing the bills. Certification is effectively an outsourcing solution for increasing overall cybersecurity knowledge among SecOps teams — a big advantage considering the dearth of qualified cybersecurity professionals among job seekers.
Enterprises are investing in certifications through CompTIA and specialized certifications like Certified Ethical Hacker (CEH), EC-Council Computer Hacking Forensics Investigator (CHFI), and the Certified Information Systems Security Professional (CISSP) certification.
5. Cybersecurity training efforts will focus more on IoT
Organizations are using the Internet of Things (IoT) to monitor endpoints across their supply chains, among countless other applications, and threat actors have taken notice. Zscaler reports a 700% increase in IoT-specific malware compared to pre-pandemic findings. This may be less surprising when we consider that four in five IoT devices transfer data in plain text instead of using SSL approaches.
The good news is that newer cybersecurity platforms typically include IoT support. Cybersecurity training is evolving to include these advances, which work fundamentally differently from other network connections. Organizations will want to ensure their security teams are up to date; they will also need to invest in wider employee education about the use of IoT devices to further reduce risk.