i-4's tips on patching the cybersecurity knowledge gap

Matthew Roach, Head of i-4, the International Information Integrity Institute, shares some cybersecurity guidance for global corporations.

There were more security vulnerabilities disclosed in 2020 (18,103) than in any other year to date – at an average rate of 50 CVEs per day. With threat actors trying out new hacking techniques every day, as well as new network features and tools being regularly released (which introduce new vulnerabilities), it is hard for CISOs to keep up. In an attempt to mitigate these threats, global corporations continue to patch and upgrade systems, but what about patching the knowledge gaps of their staff?

Those in charge of security are frequently so busy maintaining and refining the security standards within their corporation, they almost have no option but to neglect their own well-being and professional development. In such a fast paced industry, how can security professionals ensure their knowledge is up-to-date?

Here Matt Roach shares a few tips for global corporations.    

  • Identify your knowledge gaps: Work out where your knowledge gaps are and acknowledge where you can improve by defining your objectives and industry needs, and determine whether you have the skills to meet them.
  • Collaborate with colleagues: Have conversations with your peers – they may not have the technical expertise, but they will be able to tell you the pain points they experience with security, and how it can be improved.  
  • Keep on training: Ensure you regularly brush up on your technical knowledge through academic courses and completing  industry certifications.
  • Learn from your team: Hire a diverse talent pool who can provide different perspectives that you can learn from.
  • Join an industry trust group: Learn from the experiences of other security leaders and share wisdom within a peer-to-peer network to increase your understanding of cyber security approaches.
  • Ensure you are adequately resourced with budget and staff: The ever-present pressures on time and delivery make it all too easy to sacrifice the investment in learning from others. Make your case to the Board to ask for additional team members, so that training is actually possible.
  • Lean on vendors and service providers for support: Third parties that you work with will help fill the gaps.

About Matthew Roach - Head of i-4

Matt is Head of i-4 and leads the world's longest running cyber security leadership community. i-4 is a confidential trust group for chief information security officer (CISOs) and cyber security leaders to find enriching content in order to stay ahead of today's cyber security challenges.

He has led the investigation of some of the most demanding organised crime cases in the UK, operating at the very highest levels of covert policing and latterly in commercial cyber security. He began his career with the Metropolitan Police Service, rising to the Serious and Organised Crime Agency and latterly the National Crime Agency and is a founder of the National Cyber Crime Unit. Matt led the National Cyber Crime Unit's Tactical Industry Partnerships Team to many operational successes, collaborating with global law enforcement and private sector partners.

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security