Don't overlook your biggest security flaw -- your talent

What's your best line of defense against cybersecurity threats? Skilled, experienced, highly trained IT talent. Don't skimp on hiring, training and retention, or your business may suffer the consequences.

1 2 Page 2
Page 2 of 2

Less than a quarter of survey respondents allocate 10 percent to 20 percent of their IT budgets to training, while 11 percent said they don't provide any money for IT training because it's too expensive - and that could be a costly mistake.

"The data we've compiled suggests that companies do not provide enough means for IT training, despite a lack of IT talent and ever-increasing technology and cybersecurity challenges," Corey says. "This skills gap is only getting worse, even as demand for these skills accelerates. And most cybersecurity training providers are prohibitively expensive -- even the most forward-thinking business is going to raise an eyebrow at paying $3,000 to $5,000 per class, especially because the skills taught could be obsolete almost immediately!" says Corey.

That's not to say such training isn't worth it, by any means, Corey says. "Cost is the biggest obstacle -- for employees who want and need to learn these skills but whose companies cut the training budget, or who don't offer reimbursement for courses, it's a fantastic option," he says. Cybrary also emphasizes a focus on talent from developing nations that might not have the computing resources or infrastructure available to otherwise study and address security threats.

"The cybersecurity landscape changes so quickly that it's already nearly impossible to keep up with the emerging threats without ongoing access to continuing education. You need to make awareness and education of your security talent the linchpin of your overall strategy," says Corey.

Listen to your talent

If you have the talent and you're willing to invest in their education and training, you're on the right track. But those investments won't pay off unless you're also committed to following through on their recommendations, says Mike Ricotta, head of development at Blue Fountain Media and a cybersecurity expert.

Make sure your skilled, certified, experienced security employees aren't needlessly having their work impeded by operational priorities -- because ensuring the security of your organization and its data, not to mention that of its customers, is priority number 1. Even if the expected cost of recourse for a security failure may not outweigh the costs for proactive resolution, the damage to your business's reputation and loss of customer trust can be devastating.

"If your organization is serious about ensuring security, make sure that you give your talent a voice and you take every recommendation seriously, because the one that gets compromised may very well be the one that's exploited," Ricotta says.

This story, "Don't overlook your biggest security flaw -- your talent" was originally published by CIO.


Copyright © 2015 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Microsoft's very bad year for security: A timeline