The cybersecurity skills shortage – is it creating a big problem for small and medium-sized businesses?

It has been widely reported that the global shortage of skilled cybersecurity personnel is threatening the security of businesses, with a recent study by the World Economic Forum revealing that 60% of businesses admit they would find it challenging to respond to a cybersecurity incident owing to a shortage of skills in their team.

Research into the UK cybersecurity labour market revealed that half (51%) of all private sector businesses identify a basic technical cyber security skills gap, accounting for around 697,000 businesses. Furthermore, industry body ISACA found that 69% of those businesses that have suffered a cyber attack in the past year were somewhat or significantly understaffed.

According to experts, the skills gap is not set to close any time soon; if anything, these shortages are expected to intensify. Last year the Department for Culture, Media and Sport (DCMS) predicted there would be an annual shortfall of 10,000 new entrants into the cybersecurity market, but in its latest report, released in May, that was revised to 14,000 every year. This means that, over time, we can expect business defences to become even weaker and more exposed.

Businesses must train all employees on cybersecurity awareness

While training is certainly not a replacement for skilled cybersecurity professionals, these statistics highlight the need to increase general cybersecurity awareness training among employees, rather than relying solely on cybersecurity professionals to safeguard the business’s infrastructure and protect its data.

At DeltaNet, we conducted research into Google search habits over the last four years and found that there has been a 114% increase in the demand for cybersecurity training in the workplace, which suggests that employers are realising this need and turning to alternative training methods to address the issue.

“In today’s world, cybersecurity needs to be part of everyone’s job; every employee has a role to play,” says Jason Stirland, Chief Technology Officer at DeltaNet International.

“Despite the importance of recruiting, retaining and certifying a cybersecurity team, organisations cannot really secure themselves until all employees are aware of cyber threats and know how to prevent data breaches. This means ensuring that all employees, at all levels and in all jobs, have the knowledge and awareness necessary to protect themselves and their company’s data. The breach will always be a possibility until they do.”

According to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved a human element. This includes incidents in which employees expose information directly (for example, by misconfiguring databases) or make a mistake that enables a security breach to take place (such as downloading a malware-infected attachment or using a weak password).

“Untrained staff are a huge, if not the biggest, threat to a business network as they can effectively open doors to threats, bypassing even the best cyber defences. Over the past year, organisations across the globe have been dealing with employees returning to the workplace, navigating office-based, remote and hybrid workers. Unfortunately, many businesses forget the importance of training their hybrid and remote workers about cybersecurity best practices – weakening the organisation’s resilience to any security breaches. IT professionals should identify any skills gaps in the organisation and ensure all employees understand their role in safeguarding the organisation’s infrastructure and protecting its data.”

What should cyber security awareness training entail?

Cybersecurity awareness training should form part of a multiyear training strategy to educate employees, test their existing knowledge and reinforce what they have learned. Ensuring that training is refreshed at least annually will help to embed a culture of compliance and create a vigilant workforce.

Training should ensure that employees know how to recognise and report suspected malicious cyber activity, practise good cyber hygiene and safeguard their personal devices and home networks.

As a minimum, a good cybersecurity training program should include:

· Cybersecurity Awareness
· Phishing Awareness
· Data Protection Awareness
· Setting a Secure Password
· Keeping Information Secure
· Social Media Awareness
· Fraud Awareness
· Using Email and the Internet Securely
· Securing Mobile Devices

DeltaNet’s Cybersecurity Training is trusted by businesses all over the UK, and offers a complete, cost-effective solution to your training needs. Our courses offer a comprehensive overview of the key information that you and your employees need to keep your information secure and your business safe and compliant. For more information, and to browse our course collection, click here.

During Cybersecurity Awareness Month this October, we’re offering access to 17 of our cybersecurity awareness eLearning courses for free! To access the free courses, sign up here by 31st October 2022 for free access to the platform for seven days.



How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
