IISP calls for better cyber-training to prevent further global cyber-attacks

News by Roi Perez

If 'people' are one of the biggest IT risks in business, surely it's worth investing lots in training them?

The Institute of Information Security Professionals (IISP) has urged companies to invest in quality cyber-security training to offer employees real benefits.

In its latest survey, the IISP says over 80 percent of security professionals identified ‘people' as the industry's biggest challenge, compared to technology and processes.

Amanda Finch, general manager at the IISP, said, “While people are seen as the weakest link in IT security through lack of risk awareness and poor security practices, this “people problem” also includes the skills shortage at a technical level and the risks from senior business stakeholders making poor critical decisions around strategy, budgets and response.

The IISP said in a release that the recent wave of cyber- attacks reveal that inexperienced or narrowly-focussed training providers may jump on the bandwagon, offering cyber- security courses that don't provide the skills and techniques businesses need to prevent and deal with attacks, giving companies a false sense of security and leaving them vulnerable.    

“After the WannaCry and Petya ransomware attacks, the need for organisations to improve their cyber-security strategies has become abundantly clear and demand for cyber-security training has continued to grow,” Finch added.

“While the move by companies to be more proactive in educating their practitioners and staff about cyber-security is certainly very positive, the risk is that overwrought teams will invest in training that provides only high-level or regurgitated content, which isn't adequate and fails to reflect the evolving threat landscape, new technologies and significant changes in cyber-skill profiles and challenges.”

The IISP says It is often difficult for organisations to know which training courses or providers are right for them and their teams, especially for many SMEs that may not have high levels of in-house cyber- security skills and experience to scope out the problem or understand their knowledge deficit.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews