
Op-Ed: Security maturity is not a technical-only problem – invest in your people – Cyber Daily



By developing the skills of your people, you can significantly elevate how your organisation approaches security, not only to manage current changes but also to anticipate and adapt to the future in the ever-evolving landscape of cyber security.

With technology constantly changing, cyber threats are becoming increasingly sophisticated. They no longer distinguish target organisations by size and industry.

Cyber security and cyber security maturity are not technical-only problems. We need people who can improve cyber security maturity from the top down. We need people who can develop, build, and deliver a cyber security strategy that meets the objectives of an organisation.

We need security professionals who can successfully liaise with different business units and communicate threat and risk impacts in a way the business understands. This ensures that suitable mitigation measures are in place. To do this effectively, companies must elevate their cyber security maturity to stay one step ahead. The best way to start is to invest in your people and train them in the key skills outlined below.

Risk management

Measuring the efficiency and effectiveness of the current cyber security strategy is often performed from a risk perspective. There needs to be an executive decision to accept, avoid, transfer, or (as a best practice) reduce or mitigate the deemed risk. Professionals must then learn to identify, assess, and prioritise potential threats based on their impact and probability. They should know how to create and implement strategies to mitigate identified risks and efficiently allocate resources to protect critical assets.

Security architecture and design

Designing robust security architectures is fundamental to a proactive cyber security strategy. Professionals need a deep understanding of how to integrate security controls into networks and systems. They must be skilled in implementing measures like firewalls, intrusion detection systems and encryption protocols.

Threat intelligence analysis

Staying ahead of cyber threats requires continuous monitoring and analysis. Skills in threat intelligence involve gathering and interpreting data on emerging threats and vulnerabilities. Analysts use these to anticipate and prepare for potential attacks. They must also know the latest attack vectors, tactics, and trends.

Compliance and governance

Adherence to relevant regulations is crucial. Professionals must be well-versed in Australian legal requirements, industry standards and best practices to ensure the company meets obligations under local laws. Through internal policies and tools for Endpoint Detection & Response (EDR), they maintain compliance, safeguard against regulatory risks and enhance overall cyber security posture.

Security awareness training

Human error remains one of the leading causes of security breaches. The 17th-annual Data Breach Investigations Report (DBIR) by Verizon Business found that 68 per cent of breaches involve a non-malicious human element. Organisations need to invest in educating employees about cyber threats, safe practices and how to recognise phishing attempts or other malicious activities.

Ultimately, every organisation will differ in its security maturity; however, what remains true is that an over-reliance on technology solutions to fix people and process problems will continue when there is little to no value placed on the education and training of people.


