Virtual training

Vacation Salvation: Training a Cybersecurity Team So Your Holiday Isn’t Hacked

Jeremy Hess

Jul 18, 2019 - 3 min read
vacation cyber security teams hacked

Whether you call it a holiday or vacation, one thing is clear – few professionals deserve a break as much as chief information security officers (CISOs). In “Life Inside the Perimeter: Understanding the Modern CISO,” a report by Nominet based on a global survey of CISOs, all respondents said they were stressed. However, what’s more alarming is 91% felt moderate or high stress, 27% work up to 60 hours weekly, 1 in 5 are reachable 24/7.

And, 89% of U.S. CISOs said they’ve never had a two week break from their role. Yikes.

According to Cyber Defense Magazine, a business falls victim to a ransomware attack every 13.275 seconds. Talent for handling such constant threats is scarce; by 2021 there will be an estimated 3.5 million unfilled cybersecurity positions. There’s more to do, less people to do it with, and the burden falls on beleaguered CISOs who typically end up handling issues when they finally get time off.

So, if you’re a CISO here’s a pro tip: You need a device-free vacation, and the summer is the perfect time to do it. But before leaving the office, make sure your cybersecurity team is fully trained. The more they’re up-to-speed, the more you’ll enjoy your downtime – and that mojito that’s calling your name.

Virtual IT Training Labs Cloud Buyer's Guide

Let them handle it

One of the most effective methods for learning is via hands-on engagement, the practice-by-doing method. There are a number of ways you can use this approach to prepare your cybersecurity team.

Cyber ranges, a staple in the government and military, are now being used in business. These enable teams to train for incident response in safe, sandboxed labs that mirror real-world scenarios. This can enable your team to accurately evaluate situations – and know the appropriate response – so they can handle attacks without calling you into battle.

Another popular tactic used by enterprises is hosting their own virtual training labs. These similarly teach teams to tackle fast moving, real-world exploits, like malware attacks, via first-hand involvement. Using a replica of a company’s IT infrastructure, teams learn how to thwart enemies without fear of making damaging mistakes because the training is separate from the actual network environment.

It’s simple. The more hands-on experience they get, the more they can handle. That means you’ll spend more time on the beach tanning and less time taking calls.

Pick effective tech

There are particular features of virtual IT labs that can increase the effectiveness of complex cybersecurity training. However, not all solutions deliver the same support, so CISOs should evaluate the technology closely to make sure the capabilities are on target and can accommodate newer best-practices.

For instance, many enterprises are finding multi-step classes make the most sense and have a tremendous impact. In these, instructors lead students between environments, moving from level to level logically without interruption or the need for additional classes. This increases comprehension, simplifies classes and saves time.

Another vital training feature is the ability for instructors to view what a team member is doing, as they’re doing it, accompanied by direct chat communication. Through this, instructors can recognize when a team member is struggling and step in with assistance precisely when it’s needed most of all.

Reinforce to enforce

Employee negligence remains the biggest cybersecurity risk to businesses, as threats are often introduced by non-technical employees. Research by Varonis, a company versed in protecting enterprise data, shows 65% of companies have more than 500 employees who have never changed passwords, making it easier for bad actors to obtain sensitive information.

That said, a CISO can help teams – and reduce the likelihood of a crisis – by reinforcing the importance of proper cybersecurity hygiene with employees. Make sure formal training and informational sessions are being conducted. Promote awareness with internal communications. Prior to vacation, perhaps use security modules to test malicious email scenarios with employees.

CISOs should also make training programs available on-demand so employees and teams always have convenient access to these vital resources. After all, if you give anyone a reason to call when you’re away, you may never end up getting off the phone.

Give yourself a break

CISOs are burning out and creating professional churn, widening an already alarming cybersecurity leadership and skills gap. More than half of the CISOs surveyed for “Life Inside the Perimeter” reported an average job length of less than three years – nearly a third holding the position less than two years.

Training is the CISO’s vacation salvation, a way to get a break and keep a holiday from being hacked by cybersecurity fire drills. For smart leaders, empowering teams to do more may also be the best way to preserve and promote a lasting, successful career.

Ready to book that trip you’ve always wanted to take? Connect with us. We’ll help you strengthen lines of defense across the enterprise prior to your trip so you can focus on packing.