As organizations face an uphill battle against the ever soaring pace, scale, and cost of breaches, they are being hit at the same time by a critical shortage of the cyber security professionals they urgently need to protect their data and information from hackers.
The majority of cyber security professionals today have never faced a targeted attack. That can, and should, cast doubt within any organization as to how ‘cyber ready’ their team might actually be when subjected to a legitimate attack.
How bad is the shortfall of suitably trained people? Research indicates a 1.5 million person shortage of cyber security professionals by 2020.
This is bad news for organizations everywhere, as the availability of such skilled individuals is critical to keeping their networks secure. Software is no longer enough; businesses are hacked by humans and so humans, fully trained to meet that challenge, are an indispensable part of the ongoing fight of identifying vulnerabilities that can potentially lead to breaches before the adversaries do.
It is this Achilles' heel that has put a sharp focus on the need for continuous hands-on preparation, a new model for skills assessment, and development for professionals both entering and already in the workforce. With the human element now being recognized as the weakest link for hackers to cut through, having a security team that is fully engaged and versed in the latest tactics and techniques is key to the success of any organization’s security program.
Numerous other industries have recognized that on-the-job training is not the time to hone and practice skills.
Surgeons go through extensive training prior to be able to operate on a living person. This include hours upon hours of observation, operating on cadavers, and supervised sessions.
Airline pilots combine classroom with flight simulation training to learn and continuously practice safely. That includes dealing with the most atrocious flying conditions and even preparing for emergencies that no pilot would ever hope to encounter in reality.
There’s too much at stake to continue accepting the current model of cyber skills development. It’s time to evolve our accepted level of training and move towards a more hands-on, immersive learning environment.
This is where Symantec’s leadership in cyber security simulation – the gamification of skills assessment and development – comes to the fore. Through the use of virtualized infrastructure and realistic scenarios, participants learn attack, defense, and response methodologies in a live-fire environment. Security Simulation provides a vantage point into the conditions an organization will face which was previously impossible to achieve until a cyber attack was already underway.
Moreover, as part of its Security Simulation solution strategy, Symantec has acquired Blackfin Security to enhance and accelerate a range of innovative offerings that will empower its customers to improve their cyber security readiness across the enterprise. These offerings will enable them to:
- Assess and develop skills via real-world simulated attack scenarios
- Leverage real-world security skills development that is engaging, interactive and relevant
- Combat latest adversary techniques through multi-stage scenarios in virtual environment
- Identify skills gaps and build plans to address security goals.
- Raise the level of cyber security understanding and best practices across all users of the network
In a world where attacks are now multi-faceted – hacking, cybercrime, cyber warfare and cyber espionage – that level of threat in itself should be the driving force for organizations to change the game on how their security teams are assessed and tested to combat those assaults.