Management & Strategy

Addressing the People Problem in Cybersecurity

Addressing the people problem with effective approaches and tools for users and security practitioners will enable us to work smarter, and force attackers into a position where they must work harder.

October marks the 20th anniversary of Cybersecurity Awareness Month – an annual campaign led by the Cybersecurity and Infrastructure Security Agency (CISA) in partnership with the National Cybersecurity Alliance to raise awareness of ways in which we can better protect our data. Some of the most visible cyberattacks in recent months have reminded us that we all play a role in security and that people remain the weakest link. Threat actors continue to take advantage of human nature, using phishing emails, persuasive text messages and convincing phone calls to gain access to high-value systems and sensitive data and reap financial rewards. Given the headlines, it makes sense this month to take a closer look at the people problem and what organizations can do to strengthen defenses.

The people problem is two-fold: a lack of security awareness among users and a lack of cybersecurity talent. Let's start with the first: what organizations can do to raise security awareness among users.

  • Support for security awareness programs: According to the SANS 2023 Security Awareness Report: Managing Human Risk (PDF), maturity levels for security awareness programs are improving compared to last year. However, organizations are still struggling with the fundamentals of program development, including lack of budget, limits on training time for employees, and lack of staffing and time for program management. It comes as no surprise that the most effective programs are backed by strong leadership support, have dedicated full-time employees, and promote a strong security culture in which incident reporting is encouraged and made easy; early reporting shortens the window an attacker has before the security team can respond.
  • User training: Also not surprising, the SANS report finds that phishing/smishing/vishing tops the list of human risks, followed by passwords/authentication, detection/reporting, and IT admin misconfiguration. Training should focus on these four areas and go beyond annual computer-based training to include continuous training so that key concepts are reinforced year-round. Involving security teams in the development of human-focused security training helps ensure content remains relevant to the organization's actual threats and tooling. Partnering with other departments such as communications and human resources, and bringing on third-party training consultants, will also help drive program effectiveness while optimizing resources.

Looking at the second component of the people problem – a lack of cybersecurity talent – a combination of training and technology can help close the gap, currently estimated at 663,600 in the U.S. alone. For example:

  • Training for cybersecurity professionals: Cybersecurity itself is a continuous learning experience, something that is often overlooked. New research by Enterprise Strategy Group (ESG) finds that 40% of cybersecurity professionals believe their organization should increase its commitment to cybersecurity training to help address the skills shortage by getting more out of existing resources. Partnering with security technology vendors that offer product training in multiple formats, including instructor-led/in-person, instructor-led/virtual, and self-service, provides the flexibility to select what works best for your business model and your security teams.
  • Security automation: An important benefit of security automation is that the highly skilled people you have can work smarter, not harder. In research we commissioned recently, security leaders say the number one way to address a top challenge – high turnover rates – is with smarter tools that simplify work. Additionally, over 60% expect automation to positively affect employee satisfaction and retention. A balanced approach to automation, where repetitive, low-risk, time-consuming tasks are automated so that analysts are freed up to take the lead on irregular, high-impact, time-sensitive work, can improve retention and utilization while driving better security outcomes. Driving automated actions from the organization's own threat data, rather than from static playbooks, keeps those actions relevant and gives analysts greater confidence in the outcomes. Security automation platforms that support low-code/no-code interfaces can also make automation accessible to a range of users with varying skill sets.
  • Additional new technologies: Approaches and technologies like AI are already helping to drive efficiencies. Specifically, natural language processing is being used to identify and extract threat data, such as indicators of compromise, malware and adversaries, from unstructured text in data feeds and intelligence reports, so that analysts spend less time on manual tasks and more time proactively addressing risks. Machine learning (ML) techniques are being applied to make sense of all this data in order to get the right data to the right systems and teams at the right time, accelerating detection, investigation and response. And a closed-loop model with feedback ensures that AI-capable security operations platforms continue to learn and improve over time.
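As an added illustration of the extraction task described above (this is example code written for this page, not ThreatQuotient's or any vendor's implementation), the following Python extracts indicators of compromise from a constructed, defanged intelligence-report excerpt. It covers only the pattern-based part of the job: refanging common notations (hxxp, [.], [at]), matching hashes, addresses, URLs, emails and domains, and rejecting look-alikes such as version strings that fail IPv4 validation. Recognizing malware families and adversary names, which the paragraph attributes to natural language processing, needs entity recognition beyond regular expressions and is not attempted here. The sample text and all indicators in it are constructed (reserved TEST-NET ranges and well-known empty-input hashes), not taken from any real report.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of "unstructured" intel text; not from any real report.
SAMPLE_REPORT = """
Campaign update: the loader beacons to hxxp://update-cdn[.]example[.]net/api/v2
and falls back to 203[.]0[.]113[.]45 over port 8443. Dropped payload SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5 d41d8cd98f00b204e9800998ecf8427e). Phishing lures are sent from
billing[at]invoices-example[.]com. Installed agent version 12.0.1.300 was
affected; the C2 also used 192.0.2.250 briefly.
"""


def refang(text: str) -> str:
    """Undo the defanging analysts apply so that the patterns below can match."""
    t = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    t = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", t)
    t = re.sub(r"\[at\]|\(at\)", "@", t, flags=re.IGNORECASE)
    return t


# Order matters only for readability; word boundaries keep a 64-hex SHA256
# from also being reported as a 32-hex MD5 or a 40-hex SHA1.
PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "sha1": re.compile(r"\b[0-9a-fA-F]{40}\b"),
    "md5": re.compile(r"\b[0-9a-fA-F]{32}\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://[^\s\"'<>)]+", re.IGNORECASE),
    "email": re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[A-Za-z]{2,}\b"),
    # Final label must be alphabetic, so dotted numbers are never "domains".
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}

CASE_INSENSITIVE = {"sha256", "sha1", "md5", "domain", "email"}


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Return de-duplicated indicators grouped by type, in order of appearance."""
    refanged = refang(text)
    found: Dict[str, List[str]] = {}
    for kind, pattern in PATTERNS.items():
        values: List[str] = []
        for match in pattern.findall(refanged):
            if kind == "ipv4":
                # The regex accepts any dotted quad; the parser rejects
                # octets above 255, so "12.0.1.300" (a version string) drops out.
                try:
                    ipaddress.IPv4Address(match)
                except ValueError:
                    continue
            value = match.lower() if kind in CASE_INSENSITIVE else match
            if value not in values:
                values.append(value)
        found[kind] = values
    return found


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(f"{kind:7s} {values}")
```

In practice the extracted indicators would be scored and enriched before any automated action; a domain pulled from a report is evidence, not a block-list entry, and the validation step here is the minimum needed to keep obvious junk out of the pipeline.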

Threat actors continue to use variations of the same threat vectors year after year to execute successful attacks. Fortunately, we have it in our power to disrupt the cycle. Addressing the people problem with effective approaches and tools for users and security practitioners to strengthen defenses will enable us to work smarter, and force attackers into a position where they must work harder.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
