The Good Tech Companies - INE Security Enables CISOs To Secure Board Support For Cybersecurity Training
Episode Date: May 28, 2024. This story was originally published on HackerNoon at: https://hackernoon.com/ine-security-enables-cisos-to-secure-board-support-for-cybersecurity-training. According to ...the Ponemon Institute’s 2023 Cost of Data Breach Report, organizations with extensive incident response planning and testing programs saved $1.49 m Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #ine-security, #cyberwire, #press-release, #ine-security-announcement, #cyber-threats, #cybercrime, #good-company, and more. This story was written by: @cyberwire. Learn more about this writer by checking @cyberwire's about page, and for more stories, please visit hackernoon.com. CISOs are increasingly anxious because while they realize the ax will fall on them when the inevitable breach occurs, securing boardroom support for heavy investment in preventative measures is challenging. Human error remains one of the leading causes of security breaches. Investing in cybersecurity training is a strategic investment that can yield significant returns.
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
INE Security enables CISOs to secure board support for cyber security training by CyberWire.
Cary, United States, May 28, 2024, CyberNewsWire.
If there is a single theme circulating among chief information security officers, CISOs,
right now, it is the question of how to get stakeholders on board with
more robust cyber security training protocols. There are key points debated about why you should
provide cyber security training to your IT professionals, like the alarming increase in
cyber attacks, an increase of 72% over the all-time high in 2021, according to the Identity
Theft Research Center's 2023 data breach report,
or the rapid evolution in technology, creating a constant game of catch-up.
But it isn't a question of if an organization will be targeted, but when. CISOs are increasingly anxious because while they realize the axe will fall on them when the inevitable breach occurs,
securing boardroom support for heavy investment in preventative measures, like training,
is challenging in a world where revenue is demanded for each dollar spent.
"The path to securing the boardroom's buy-in is more complex than simply
having the right statistics and studies on paper," says Dara Warren, the CEO of
INE Security, a global cybersecurity training and certification provider.
"To bridge the gap between CISOs and stakeholders, CISOs must adopt a
strategic approach that combines financial impact data, relevant case studies,
and compelling narratives. Framing cybersecurity training as an essential investment
rather than an optional expense is critical."
The human factor in cybersecurity. Cybersecurity is not just about technology, it's about people.
Human error remains one of the leading causes of security breaches.
A study by Verizon in their 2023 Data Breach Investigations report found that 68% of breaches
involved a human element, such as social engineering, misuse of privileges, or simple
mistakes. This highlights the importance of equipping employees with the knowledge and skills to
recognize and respond to potential threats.
Case study. Capital One data breach. In 2019, Capital One experienced a data
breach that exposed the personal information of over 100 million customers.
The breach was caused by a misconfigured web application firewall,
which allowed an attacker to access sensitive data stored on Amazon Web Services (AWS).
This incident underscores the importance of training employees on cloud security practices and the proper configuration of security tools.
In response, Capital One enhanced its cybersecurity training programs to include cloud security, emphasizing the need for regular audits
and configuration checks. This case illustrates how specialized training can prevent costly
breaches and protect sensitive data.
The ROI of cybersecurity training. Investing in cybersecurity
training is not just a defensive measure, it's a strategic investment that can yield significant
returns. A well-trained workforce, not just security awareness but the
society and networking teams, can serve as the first line of defense against cyber threats,
reducing the likelihood of breaches and minimizing potential damages.
According to the Ponemon Institute's 2023 Cost of Data Breach Report,
organizations with extensive incident response planning and testing programs saved $1.49 million compared to those
with lower levels.
Case study. Maersk NotPetya attack. In 2017, shipping giant Maersk was hit
by the NotPetya malware, which spread rapidly through its global network, causing a complete
shutdown of its IT systems. The attack was initiated by a compromised software update,
exploiting poor cybersecurity hygiene and a lack of employee training on identifying malicious software.
The incident cost Maersk over $300 million in losses.
In response, Maersk implemented a comprehensive cybersecurity training program focusing on
recognizing malicious software, securing software updates, and responding to cyber incidents.
This case highlights the necessity of training employees on the latest cyber threats and best
practices.
Crafting a compelling narrative for the boardroom. The company's financial data and
case studies are important to secure, but communicating that to the boardroom remains
a challenge for CISOs. To get the message across, CISOs must also craft a compelling
narrative that resonates with the board members. Here are some key strategies.
1. Speak the board's language. Board members are
often more attuned to financial metrics and business outcomes than technical jargon.
CISOs should frame cybersecurity training as a business enabler that protects the organization's
bottom line. Highlighting the potential financial losses from breaches and the ROI of training programs can
make a compelling case.
2. Use real-world examples. Real-world case studies, like the attacks
on Maersk NotPetya and Capital One, can illustrate the tangible impact of cybersecurity training.
These examples provide relatable scenarios that underscore the importance of investing in employee education.
3. Leverage data and statistics. Presenting data from reputable sources can lend credibility to the argument. Statistics that demonstrate the prevalence of human error
in breaches and the financial benefits of training can be powerful tools in persuading the board.
4. Emphasize regulatory compliance. Regulatory requirements, such as GDPR and CCPA,
mandate stringent data protection measures. Failure to comply can result in hefty fines
and reputational damage. Emphasizing how cybersecurity training can help meet these
regulatory requirements can be an effective angle to secure board buy-in.
5. Highlight competitive advantage. In an increasingly
competitive market, robust cybersecurity measures can be a differentiator. Companies known for their
strong security posture are more likely to attract and retain customers. CISOs can highlight how a
comprehensive training program can enhance the organization's reputation and competitive edge.
Overcoming common objections. Board members may raise
objections regarding the cost and time required for cybersecurity training. CISOs should be
prepared to address these concerns with data-driven arguments and strategic insights.
Cost concerns. While the initial investment in training programs may seem significant,
CISOs can emphasize the long-term cost savings from preventing breaches.
According to the Ponemon Institute, the average cost of a data breach in 2023 was $4.45 million.
Investing in training can mitigate these costs by reducing the likelihood and severity of breaches.
Time constraints. Board members may worry about the time employees will spend on training.
CISOs can advocate for flexible, modular training programs that allow employees to learn at their own pace without disrupting
productivity. Additionally, emphasizing the efficiency of targeted training programs can
alleviate concerns about time investment. CISOs are key players in protecting their
organizations from cyber threats. Getting the boardroom to buy into an investment in cybersecurity training is no easy task, but utilizing some of these strategies can
make it more successful. Including these steps in the process of communicating your needs to
stakeholders will help secure the support and resources needed to roll out effective training
programs and ultimately better safeguard the organization's digital and physical assets.
The stakes are high,
and having all stakeholders on the same team is critical to the long-term success and security of an organization.
About INE Security. INE Security is the premier provider of online
technical training and cyber security certifications. Harnessing the world's most
powerful hands-on lab platform, cutting-edge technology, global
video distribution network, and world-class instructors, INE is the top training choice
for Fortune 500 companies worldwide and for IT professionals looking to advance their careers.
INE's suite of learning paths offers an incomparable depth of expertise across cyber
security, cloud, networking, and data science. INE is committed to delivering
advanced technical training, while also lowering the barriers worldwide for those looking to enter
and excel in an IT career. Contact Press Team INE Press at n.com. This story was distributed as
a release by CyberWire under HackerNoon's business blogging program. Learn more about the program
here. Thank you for listening to this HackerNoon story, read by Artificial Intelligence.
Visit hackernoon.com to read, write, learn and publish.