Today’s columnist, James Hadley of Immersive Labs, argues that the industry has to move away from cybersecurity certifications.
Many organizations still rely on outdated approaches to measuring cyber capabilities, including expensive industry certifications and annual training courses, which could be giving teams a false sense of security.
With 82% of security leaders believing they could have mitigated the damage of their most significant cyber incident if they were better prepared, it’s time to rethink old-school methods and embrace a new data-driven approach to building and proving cyber resilience: the ability to successfully prepare for and then respond to cyber threats.
Leaders should question the industry’s overreliance on outdated certifications because they fail to build and prove hands-on knowledge, skills, and judgment. Instead, we should focus on continuous improvement through regular exercises via real-life fire drills, measuring the capabilities of teams and individuals, and filling talent gaps before it’s too late. This will result in stronger cyber postures for organizations and the confidence to know that teams are truly ready when a crisis hits.
Traditional certifications and training are flawed for many reasons. They take years to develop, by which time they are already outdated, and are updated infrequently. Cyberattacks are evolving at a rapid pace, and certification programs can’t keep up. Additionally, the cost of maintaining certifications has become prohibitive for many organizations, making it difficult to justify the investment. It’s clear that certifications alone are not the solution.
These methods fall short when it comes to reacting and recovering quickly from cyberattacks. Infrequent training sessions do not align with the pace of the real threat landscape, and professionals are not engaged with the information they receive.
Hands-on practice and realistic, simulated scenarios are necessary to develop cognitive agility and muscle memory for tackling real breaches. Without concrete proof or data demonstrating cyber resilience, leaders lack the metrics needed for meaningful conversations with boards and senior leadership.
By embracing a data-driven, always-on approach, we can build true cyber resilience and confidently face the challenges of the ever-evolving cyber threat landscape. The future of cyber resilience requires that leaders adopt the following four criteria:
By adopting this approach, security leaders gain a comprehensive view of team and individual preparedness for attacks, and they can make informed decisions and ensure alignment throughout the organization. This approach will lead to tangible proof of cyber resilience and ultimately create more secure organizations.
The rise of cyberattacks targeting the human element exposes the inadequacy of traditional cybersecurity certifications and training, which fail to offer the necessary skills and confidence to effectively respond to and recover from cyber incidents.
The industry needs a data-driven approach that focuses on continuous improvement, hands-on practice, and realistic simulations. By breaking free from outdated methods and embracing a stronger cybersecurity culture, organizations can confidently face the challenges of the evolving threat landscape and create a more secure future.
James Hadley, founder and CEO, Immersive Labs