There’s a major threat facing every Canadian business right now, and it’s coming from within the organization.
It can be as simple as one unaware employee clicking on a nefarious link, and it can cost a company millions in damages. In fact, a recent Fortinet survey found that around 80 per cent of organizations reported at least one breach over the last year that they attributed to a lack of cybersecurity skills or awareness. This year alone, Canadian companies shelled out a whopping average of $7.05 million per data breach.
Cyber risk continues to grow exponentially for companies across Canada, especially with the rise of Crime as a Service (CaaS), where cybercriminals can be solicited for hire on the dark web. In fact, earlier this year, FortiGuard Labs reported a nearly 100 per cent increase in ransomware variants, demonstrating the sophistication and scale of the criminal ecosystem.
Combined with the increase in endpoints due to remote work, the attack surface is increasing, and the threat is becoming more and more omnipresent. It’s easier than ever for an attacker to break into a company’s system and wipe its data or hold it for ransom, and all it takes is one weak link within your organizational chart.
While a fully staffed and trained IT team is required to constantly monitor for attacks that could wreak havoc on business operations — both from inside and outside the company — the reality is that there is a global shortage of qualified cybersecurity professionals. Most organizations continue to struggle to recruit and retain talent on their security teams. This means that threats can fall through the cracks, resulting in expensive and devastating data breaches.
With security teams often short-staffed, a people-first approach to cybersecurity with a focus on engaging employees across the company is vital to fill these gaps. It’s becoming more and more evident that investing in cybersecurity training for all employees is one of the most important and ROI-maximizing actions a company can take to protect itself.
Companies must recognize that a cyberattack is not an “if” but a “when” and address the threat that employees who lack fundamental cyber awareness can pose. In fact, most cyberattacks result from an error on the part of an employee not following proper cyber hygiene, clicking on a suspicious link or opening a nefarious attachment. All it takes is one lapse in judgment for the entire company to be compromised.
Investment in cybersecurity training and awareness for all existing employees across the company is vital. Upskilling and helping all employees recognize the tactics used by cybercriminals may decrease threats by creating additional lines of defence for the organization.
Resources like the Fortinet Training Institute, which has teams based in Ottawa, offer on-demand programs that provide training for skill levels ranging from beginner to advanced expert to help organizations fill critical security positions and increase cyber awareness. The programs don’t require any time off work, so there is no loss in productivity.
Training is a sound investment, as almost all decision-makers (95 per cent) believe that technology-focused certifications positively impact their team and make for valuable hires. Employees who are knowledgeable, qualified and/or certified to protect their business can be a vital asset in an organization’s holistic risk management strategy — and save their companies millions in the long run.
Expanding the potential talent pool by reaching out to under-represented communities is another way to tackle the skills gap; this helps grow the number of entrants to the profession and at the same time supports institutional diversity goals.
Every organization’s risk management strategy must involve investments in closing the cyber skills gap. The recruitment, retention and certification of cybersecurity professionals will always be critical for any business seeking to develop, test and maintain a holistic risk management strategy.
But to mitigate risk from top to bottom, organizations must also consider cyber awareness and upskilling training for all employees. Investing in proper cybersecurity skills training and talent is a relatively small investment when compared to the potential $7 million a data breach could cost your company.
As business leaders, we think in terms of ROI, and the truth is that the ROI from employees at all levels who are empowered, qualified and certified to protect the organization is invaluable. They are your first line of defence and are among the most important and effective ways to mitigate risk and incubate a security culture. Don’t wait until it’s too late to take action.
Learn more about Fortinet’s free cybersecurity training, which includes broad cyber awareness and product training. As part of the Fortinet Training Advancement Agenda (TAA), the Fortinet Training Institute also provides training and certification through the Network Security Expert (NSE) Certification, Academic Partner and Education Outreach programs.
This story was provided by Fortinet for commercial purposes.