Cyber security training must reflect real risks, warns the IISP

In the rush to skill-up through cyber security training, the IISP warns businesses may go down the wrong track, resulting in a false sense of security

Companies should invest wisely in cyber security training, carefully considering the quality and real benefits, advises the Institute of Information Security Professionals (IISP).

Following the recent wave of global cyber attacks, the IISP believes that inexperienced or narrowly focused training providers may jump on the bandwagon, offering cyber security courses that do not provide the skills and techniques businesses need to prevent and deal with attacks, giving companies a false sense of security and leaving them vulnerable.

“After the WannaCry and Petya ransomware attacks, the need for organisations to improve their cyber security strategies has become abundantly clear and demand for cyber security training has continued to grow,” said Amanda Finch, general manager at the IISP.

“While the move by companies to be more proactive in educating their practitioners and staff about cyber security is certainly very positive, the risk is that overwrought teams will invest in training that provides only high-level or regurgitated content, which isn’t adequate and fails to reflect the evolving threat landscape, new technologies and significant changes in cyber skill profiles and challenges.”

According to the IISP, it is often difficult for organisations to know which training courses or providers are right for them and their teams, especially for many small to medium-sized enterprises (SMEs) that may not have high levels of in-house cyber security skills and experience to scope out the problem or understand their knowledge deficit.

Continue reading…