Dive Brief:
- Cybersecurity training for workers should be a top priority for 2018, the Financial Services Information Sharing and Analysis Center (FS-ISAC) has told its stakeholders. Because workers are the first line of defense against breaches, chief information security officers should ensure that training includes awareness about downloading and executing unknown applications and information about how to report suspicious emails and attachments, the organization said.
- The recommendations came as the group released its 2018 CISO Cybersecurity Trends survey. In it, 35% of CISOs surveyed said employee training should be financial institutions' top priority. A quarter pointed to network defense and infrastructure upgrades.
- FS-ISAC also recommended that institutions' board members be better informed of risk and that businesses maintain an “at the ready” risk posture.
Dive Insight:
Employees aren't only the first line of defense in the financial sector; 39% of companies' data breaches start internally — as opposed to stemming from an outside attack, according to a Harvard Business Review report. That number includes threats categorized as either negligent, malicious or accidental.
This means employees in all departments need training on cybersecurity best practices, but it also demonstrates the need for cybersecurity professionals. The skills gap in cybersecurity continues to loom ominously for business.
Industry leaders from IBM are working with The Aspen Institute on a cyber-security panel developed to address vulnerabilities and make recommendations of real-world solutions for training and prevention. But despite demand, fewer than 20% of IT professionals are confident of their proficiency in cybersecurity. The burden on business to protect their assets and fill the nearly 2 million unfilled cybersecurity jobs projected by 2022 will require significant training and upskilling efforts.
