A new report has revealed that African professionals remain concerned about the relevance of current cybersecurity training even as companies continue to increase their spending to combat cyberthreats.
The report of the recent studies by cybersecurity firm, Kaspersky, found that companies are investing heavily in training their cybersecurity teams across the Middle East, Turkey, and Africa (META) region.
The report titled “The portrait of the modern Information Security professional,” surveyed over 1,000 information security (InfoSec) professionals worldwide.
The findings show that businesses are dedicating significant resources to upskilling their cybersecurity staff. Over 70% of companies spend more than $100,000 annually on cybersecurity training for employees. A large portion, 43%, invest between $100,000 and $200,000 per year, while 31% allocate over $200,000.
The findings show that businesses are dedicating significant resources to upskilling their cybersecurity staff. Over 70% of companies spend more than $100,000 annually on cybersecurity training for employees. A large portion, 43%, invest between $100,000 and $200,000 per year, while 31% allocate over $200,000.
However, concerns exist about the effectiveness of current training programs. Nearly half (48%) of respondents from the META region cited a lack of relevant courses that address new and emerging cybersecurity threats. Europe has the smallest share of respondents who say they have a good selection of cybersecurity training programs.
The study also highlights a significant learning gap and challenges in practical skills application, “50% of respondents from the META region also stated that trainees tend to forget what they learned because they had no opportunity to apply newly acquired knowledge, therefore the courses were useless to them. The need for special training prerequisites such as coding and advanced mathematics, which were not specified at the pre-registration stage were also problematic for 37% of practitioners from the META region.”
“Based on the above-mentioned criteria, namely training staff’s experience in cybersecurity, access to the latest technologies, experience in real-life cybersecurity incidents, and internships with real job experience, the META region has the poorest quality of cybersecurity education as it scores less than 3 points on all assessment criteria, while LatAm has the best quality of cybersecurity education as it scores more than 3.7 points on all aspects,” Veniamin Levtsov, VP of the Center of Corporate Business Expertise at Kaspersky, said on the findings.
“With a constantly evolving threat landscape,” Levtsov said, “businesses should continually improve the skills of their cybersecurity personnel in order to be well prepared for sophisticated cyberattacks. Developing high-profile specialists within the company and building internal expertise can be an effective strategy for organisations that aim to retain existing employees and allow them to grow professionally, instead of constantly hunting for new candidates and checking their professional backgrounds and practical skills. For organisations served by Managed Service Providers it is also important to maintain a pretty high level of expertise internally and use the same language when discussing the scope of services and Service Level Agreement with them.”
To effectively upskill cybersecurity teams, Kaspersky experts recommend that firstly, organisations should invest in quality cybersecurity courses for staff to keep them up to date with the latest knowledge.
Secondly, they suggest using interactive simulators to test employees’ expertise and assess the way they think in critical situations.
Lastly, it is advised to provide InfoSec professionals with in-depth visibility into cyberthreats targeting the organisation.
