Secure Your Talent

September 30, 2022

Every October, the government and private industry join to raise awareness of cybersecurity. This year’s Cybersecurity Awareness Month (CAM) theme, “See Yourself In Cyber,” couldn’t be more appropriate. Regardless of the role you play — CISO or CHRO, cyber professional or consumer — you play a critical part in protecting your personal and professional information.

 

In our experience, the majority of breaches still contain a human element, which is backed up by Verizon’s 2022 Data Breach Investigations Report. Innocent mistakes and simple negligence make up over 60% of insider threat incidents, costing the average organization nearly $4.6 million each year, according to the 2020 Cost of Insider Threats Global Report.

 

During CAM, please consider communicating with and securing multiple sets of talent, each of which requires a slightly different approach. As is common every CAM, securing your employees by enabling them to become a strong component of your overall cybersecurity in turn secures the people and companies who may touch or access your network through third-party vendors. Through some simple yet effective strategies, you will secure not only the talent you have but also the talent you may need. Last but not least, consider securing your supply chain.

 

 

Secure the talent you have.

 


 

Insider threats are real, with both the frequency and the cost increasing dramatically every year. Educate your employees about cyber best practices by leveraging Optiv’s FREE cybersecurity awareness training. Created by cybersecurity subject matter experts at Optiv, this training is built in PowerPoint so that you can easily:

 

  • Confidently arm your presenter with specific speaker notes
  • Deliver the training to your internal teams as an employee webinar during CAM
  • Export digital images to share on screens and via your intranet

 

Keep in mind that organizations with more than 60% of employees working remotely have a higher average data breach cost than those without remote workers (IBM). Given our new normal of remote and hybrid work for many companies, securing your remote workers is more important than ever.

 

 

Secure the talent you need.

As staff shortages continue to challenge every industry, staff augmentation is becoming a viable alternative for helping organizations fill their key talent gaps. While having previous cybersecurity experience is the primary factor (73%) in determining whether a candidate is considered qualified, 78% of decision makers indicate it is hard to find certified people. That’s why 91% of organizations are willing to pay for the training and certification of their employees.

 

Planning for surge capacity with trusted experts can help you with any challenges you may have, whether they require hands-on-keyboard work, strategic advising, technology optimization or all of the above. Be sure to partner with a company that offers flex services with tested professionals who can also provide short-term skills coverage if a gap arises on your IT team.

 

 

Secure your supply chain.

Cybersecurity education is necessary not only for employees but also for contractors, vendors, fourth parties and suppliers. This training must be addressed within contracts to hold these parties accountable, and it can take the form of a right to audit and/or a dictated compliance requirement. Which standard or framework is used is not pertinent to this discussion, as all standards and third-party questionnaires or assessments require some sort of awareness or education. Alternatively, the education can be asked for directly in the contracts.

 

In a Gartner survey, 83% of organizations identified that risks had emerged in their third-party ecosystem following initial due diligence and prior to periodic recertification, and 31% of those risks had a material impact on the business. With an estimated 67% of all companies saying they have an effective vetting process for vendors, and most companies looking at vendors only once during their tenure with the company, this approach leaves a lot to be desired, as 63% of breaches occur through a third party.

 

To properly “See Yourself in Cyber,” every organization should consider not only the talent they have but also the talent they need, as well as securing their supply chain. Below is a diagram that outlines all the risks a cyber professional needs to consider as they interact with and share data. Education starts with the individual, and it continues across a spectrum of relationships.

 

[Diagram: TPRM_Circle.png]

 

Brian Golumbeck
Executive Director, Risk Transformation Risk and Compliance Advisory Services | Optiv
Brian Golumbeck is a Practice Director within Optiv Risk Management and Transformation Advisory Services Practice. He has a history of leading challenging projects and building dynamic high-impact teams. Mr. Golumbeck’s 25+ years working in Information Technology include 20+ years as an information security professional. Brian is a Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), EXIN/ITSMf ITIL Foundations, and Lean Six Sigma – Greenbelt.

Todd R. White
SVP, NORTH AMERICAN STRATEGIC SALES | Optiv
Todd White has nearly 25 years’ experience in cybersecurity sales and sales leadership. As Optiv’s SVP of North American Strategic Sales, White is responsible for overseeing field sales activities across the United States and Canada. He works closely with Optiv’s professional services leaders and technology manufacturer partners to devise modern, integrated, holistic cybersecurity solutions that enable Optiv clients to achieve their full potential. White routinely consults with Fortune 500 business executives, IT leaders and market analysts on matters of program strategy, technology and solution capabilities, and general trends in the cybersecurity industry.
