There is a "significant gap" between cyber leadership and human resources in many global organizations, according to the "SOC Skills Survey Report of 2020" from cyber range platform provider Cyberbit.
Key findings from Cyberbit's report included:
- 33 percent of information security respondents said they believe HR understands the requirements to work in a cybersecurity team.
- 65 percent indicated less than half of information security applicants are qualified for the role for which they applied.
- 70 percent noted HR is screening information security candidates by means of conversation and applicant screening processes are "not adequate."
The report also highlighted the value of cybersecurity training, which is reflected in the following results:
- 74 percent of information security respondents stated their current training is impactful but are unaware of other, more advanced forms of training.
- 89 percent said they believe immersive cybersecurity training was more effective when compared to other training models.
- 92 percent recommended immersive cybersecurity training over other models.
The current global cybersecurity workforce is ill-prepared to deal with cyberattacks, Cyberbit indicated. However, there are several things that organizations can do to bridge the gap between HR and cybersecurity and ensure that they are well-equipped to manage cyberattacks, such as:
- Improve Recruiting Process: Teach HR professionals about the roles and responsibilities of information security roles, so they can identify applicants who can handle a wide range of cybersecurity duties.
- Upskill the Existing Workforce: Educate workers across all departments about information security, so they can work together to guard against cyberattacks.
- Update Training and Assessment Practices: Review information security training and assessment programs and update them as needed to ensure that they can help an organization keep pace with current and emerging cyber threats.
Organizations can deploy simulation-based training as part of their efforts to teach its workforce about cyberattacks, Cyberbit noted. In doing so, they can ensure that their employees possess appropriate skills, so they can quickly identify and address cyberattacks.