The Fortinet 2024 Skills Gap report sheds light on the challenges facing the cybersecurity sector regarding training.
Cyber Threats are Becoming More Complex
Cyber threats are becoming more advanced and difficult to manage each year. In 2023, the five most common cyberattacks—malware, phishing, web attacks, password attacks, and Trojan horses—still topped the list. However, recovery times have drastically increased; 63% of organizations took more than a month to fully recover, while 28% required four months or longer. This underscores the growing impact of attacks and points to the need for stronger prevention and recovery strategies. Furthermore, 80% of the surveyed organizations predict an increase in cyberattacks, with an expected rise of 19.3% in the coming year. Companies must prepare for longer recovery periods and invest in more resilient security measures.
Boards Show Increased Interest in Cybersecurity
More and more boards are viewing cybersecurity as a priority. 97% of board members now consider it a business priority, and 72% of boards have devoted more attention to cybersecurity in 2023. This focus includes mandatory cybersecurity training and investment in better security solutions.
Human Errors are a Major Cause of Breaches
One of the most notable findings from the Fortinet 2024 Skills Gap report is that human errors are one of the leading causes of security breaches. As many as 80% of cyberattacks target end-users, employing techniques such as social engineering and phishing. These types of attacks exploit the weakest link in the security process: the human factor. Untrained employees often unwittingly click on malicious links, open suspicious attachments, or disclose sensitive information, opening the door for attackers to compromise systems.
The lack of training and awareness within IT teams and the broader organization poses a significant risk. According to the report, 58% of respondents indicated that inadequately trained IT staff are a major cause of security breaches. Additionally, 56% cited a lack of security awareness among employees as a risk factor. This shows that technical measures alone are not sufficient to mitigate the risks of cyberattacks. People play a crucial role in defending against cyber threats, and without the right training and awareness, they remain a vulnerable link.
To address this challenge, organizations are increasingly implementing cybersecurity awareness programs. These programs teach employees to recognize suspicious activities, handle information safely, and be mindful of their digital actions. Moreover, many companies are considering requiring IT staff to obtain official certifications that enhance their cybersecurity knowledge. The report shows that 62% of organizations plan to make certifications mandatory for their staff, while 61% want to implement broader security awareness training.
Shortage of Trained Personnel Remains a Significant Risk
The lack of qualified and trained security staff remains a problem for many organizations. This highlights the importance of targeted cybersecurity training to mitigate risks. Certifications remain a key feature of competency within the sector.
Certifications are Crucial for Cybersecurity Knowledge
Certifications continue to be an important means of validating cybersecurity skills. 91% of IT leaders prefer certified candidates, indicating that certifications are becoming increasingly important for hiring and development.
With the growing skills gap and the increasing frequency of cyberattacks, organizations are focusing more on building a certified workforce. Investing in training and certifications remains a priority to address these challenges.
In summary, the report shows that ongoing investments in personnel training, security solutions, and recruitment strategies are crucial for effectively combating increasing cyber threats.