Building a Cyber Aware Workforce

When it comes to cybersecurity, employees can be your greatest defenders or your worst vulnerability. To protect data and other valuable digital assets, it’s never been more important to build a cyber aware workforce. In the United States, the White House has issued warnings encouraging organizations to bolster their cybersecurity defenses. And one of the bullets on the accompanying Fact Sheet states:

“Educate your employees to common tactics that attackers will use over email or through websites, and encourage them to report if their computers or phones have shown unusual behavior, such as unusual crashes or operating very slowly.”

It’s critical for employees to understand the risks of taking security shortcuts. Many companies are just one accidental click away from an attack. In a global ransomware survey conducted by Fortinet, 67% of organizations reported having been a ransomware target, and nearly half said they had been targeted more than once. Even worse, a jaw-dropping one in six said they had been attacked three or more times. It’s clear that many organizations need to work on their security strategies to include workforce cybersecurity training because what a lot of them are doing now doesn’t always ensure proper cyber hygiene from employees. Programs such as Fortinet’s Security Awareness and Training service can help organizations further enhance their security posture against threats by educating and training all employees.

Help Employees Do the Right Thing

On a day-to-day basis, a lot of a CISO’s focus is on technology. What protections do we need? Where are there security gaps? But in addition to the technology, organizations also need to ensure their employees know what a phishing email looks like (or what it is) to prevent them from falling victim to cyber attackers and consequently introducing risks to the organization. Employee cybersecurity training and education must be a key part of any security strategy.

Building a cyber aware workforce and culture requires training and ongoing awareness of the dangers of doing seemingly innocuous things like surfing the web, checking email, or opening attachments. Everyone in the company needs to view preventing cyberattacks as part of their job description. Although you can’t expect everyone to become a cybersecurity analyst reading logs, you can give them the information they need to perform their job safely, no matter where they may be working. The tendency for people to be more relaxed and comfortable in a home environment is part of the reason for the increase in cyberattacks as more people started working remotely or following a hybrid model.

Organizations should ensure that everyone in the company has a foundational understanding of cyber threats, regardless of their role or location. The Fortinet Security Awareness and Training service is designed to help organizations educate their workforce about cyber threats, such as phishing, social engineering, and ransomware attacks, and how to protect against them. The awareness and training service can be used for the entire workforce, including both technical and non-technical employees and contractors. Designed by the Fortinet Training Institute, which provides cybersecurity certification and training, the service is aligned to the National Institute of Standards and Technology (NIST) guidelines (NIST 800-50 and NIST 800-16). The engaging and relevant courses cover topics such as information security awareness, data privacy, physical security, password protection, and internet security. It also takes advantage of FortiGuard Labs threat intelligence, so the training is informed by the latest developments observed across the threat landscape.

An Integrated Approach to Cybersecurity

Having a cyber aware workforce is an integral part of improving the organization’s overall strong security posture. Just like a manufacturing company provides safety equipment like eye protection and training, cybersecurity protection and training shouldn’t be optional.

To prevent cyberattacks, organizations really need a combination of the right security technology and a cyber aware workforce that is trained to spot threats and not fall victim. When it comes to the technology, organizations need to make sure they have integrated solutions that make it possible to see what is happening throughout the network. You can’t protect what you can’t see; visibility needs to extend to every endpoint, which should be protected with endpoint detection and response (EDR) solutions. And if you have remote workers, protection using zero trust principles is essential.

As a CISO, you need to provide justification for allocating money for training and cybersecurity tools. Cybersecurity incidents can be expensive. According to the Cost of a Data Breach Report 2021, data breach costs rose from $3.86 million to $4.24 million. With the risks of attack and costs continuing to rise, organizations can no longer afford not to educate their employees about cybersecurity.

Learn more about the Fortinet free cybersecurity training initiative and Fortinet’s Training Institute, including the NSECertification program, Academic Partner program, and Education Outreach program which includes a focus on Veterans.