Gone are the days when employees thought that the company’s IT department was merely in charge of installing text editors or fixing printers when they broke down. Luckily for everyone, most IT professionals not only enjoy a high standing in their companies, but they also play a vital role for their colleagues.
However, within this sector, there’s a niche that is perhaps less well known than it should be: that reserved for cybersecurity experts. Are companies and their employees aware of how important work in corporate cybersecurity is? Is there a real understanding about the tasks that these employees carry out? For that matter, do IT or computer science students know that this is one of the fastest growing professional outlets?
20% don’t know about these jobs
The results aren’t as encouraging as we’d like. According to the University of Phoenix 2018 Cybersecurity Survey, over 20% of adults in the USA have never heard of some of the most common jobs and professions in the cybersecurity world. In fact, barely 10% are very familiar with these kinds of professions. Even jobs and professional profiles such as those of cybersecurity experts or ‘ethical hackers’ are relatively unheard of.
But it doesn’t end there. According to the study, barely 20% of the students surveyed had considered working in cybersecurity. Worse still is the fact that this negative response is due to the “belief that they don’t have the right skills”, despite “saying that they have many of the skills (programming, data analytics, web development) that are taught in cybersecurity programs at university,” affirms Dennis Bonilla, executive dean of the College of Information Systems & Technology at University of Phoenix.
A danger for companies
The timing of this lack of knowledge about cybersecurity job openings is far from ideal. Whether it’s SMEs or large companies, this situation leaves them in a delicate situation with three negative consequences:
1.- Exposure to cyberattacks. A company whose employees have very limited cybersecurity knowledge and awareness is a company with a higher risk of being attacked. And the current situation doesn’t help: according to Risk Based Security’s Data Breach QuickView Report, in the USA alone, there were 5,207 breaches and 7.89 billion records compromised in 2017. This is a clear indicator that companies need cybersecurity to form part of their comprehensive strategy.
2.- Lack of awareness. Most of the time, large cyberattacks get in using the company’s weakest point: its employees. Because of this, employees without cybersecurity awareness training can exponentially increase the risk of incidents.
3.- Lack of talent. With many students not considering a career in the cybersecurity sector (even though they do in fact have the right skills), the lack of available talent will become more noticeable. Conversely, if companies don’t incorporate cybersecurity as an important pillar in their strategy, they will struggle to identify and hire the best professionals.
Keys for improving cybersecurity
It’s clear that all companies, regardless of their size, must make their entire staff active participants in preventing cybersecurity incidents. And they can do so with five basic premises.
1.- Raising awareness. Employees who aren’t experts in IT security need to know the importance of being protected, and be aware that in many cases they are likely to be the first filter that a cybercriminal will try to get past. This is why raising cybersecurity awareness is vital for the smooth functioning of the company.
2.- Outreach. Raising awareness can’t just be limited to giving a speech to employees about the risks of not being protected. The work has to be active and informative, providing material or training that is adapted to their level so that they are always up-to-date.
3.- Good practices. All employees must also have in mind a series of practices that will help to maintain security: be alert for possible fraudulent emails, be wary of who is sending emails, don’t trust attachments, etc.
4.- Knowledge about the area. Networking within the company itself is essential. Any company will win a lot of points of its employees know cybersecurity heads and work with them on a daily basis; it will create bonds, and any collaboration will be a lot more fluent.
5.- Action protocols. An employee’s intuition and improvisation can’t be the only barriers to stop them putting the company’s cybersecurity at risk. When faced with possible risks, every employee must know who to turn to with their doubts, or how they need to make contact with cybersecurity heads.
Improving general knowledge about cybersecurity in companies of any size is imperative. It is the only way that we can create more secure business environments. If you want to help your employees to learn more about cybersecurity, and for them to be able to contribute to the protection of your company, you can keep up with everything that is going on in the corporate security world here.