Degrees are not enough to keep cybersecurity defenses effective for the long term

By pratosh |Email | May 1, 2018 | 3657 Views

University qualifications in cybersecurity are important but are only a start to keeping up with the changing cybersecurity threat, according to a corporate cybersecurity executive and teacher who is currently leading nearly 3500 attendees through an online cybersecurity skills course dedicated on phishing countermeasures.

 That course, offered through Charles Sturt University's IT Masters program, has been running across 4 weeks in April and was designed by cybersecurity educator Bianca Wirth as an intermediate-level approach to enabling businesses fight back against phishing from a people, process and technology perspective.

 It's the kind of complementary training that Wirth who is currently registered in the IT Masters program and works as global cyber and physical security education and awareness manager with a major insurance company says is critical for business and technical staff working to promulgate a cybersecurity-aware culture throughout any company.

 There's still the perception in industry that you need certifications, a Master's degree or a specialty degree in a particular area to be regarded as well-trained in cybersecurity, Wirth told CSO Australia. The Master's credential is helpful, but that will still complement less traditional styles of learning.

 Because they are delivered online, complementary courses can be repeatedly updated as new attacks or techniques come to light making them an ongoing educational resource for time-pressured cybersecurity practitioners. Such training complements other continuous improvement strategies Wirth and her team employ at her current employer, where gamification techniques and active phishing of employees help keep awareness of the phishing problem front and center.

 The recent Verizon Data Breach Investigations Report (DBIR) 2018 found that human complacency and error were the major contributor to the incidence of data breaches, with 4 percent of people clicking on any given phishing campaign and repeat offenders even more likely to do it again.

 Public sector and professional services targets were particularly vulnerable to manipulation by phishing, with stolen credentials and personal data heavily targeted and contributing to shocking numbers of data breaches. In addition, while Verizon recommends the use of two-factor authentication to reduce the incidence of phishing-engendered malware, regular training is equally important in maintaining awareness.

Cybercriminals certainly are not standing still, with the recent Nuix Black Report 2018 finding that attackers also tend to be well trained. Fully 40 percent of respondents to that survey, which polls white-hat and black-hat cybersecurity experts, said they have three or more technical certifications.

 Despite this, 78 percent said that these certifications are not a decent indicator of technical capabilities, beyond helping them secure employment. Cybersecurity credentials have been linked with higher salaries overall, reflecting the industry demand for at least a baseline of security skills.

Source: HOB