Linked: Bad news: The cybersecurity skills crisis is about to get even worse
| |

Linked: Bad news: The cybersecurity skills crisis is about to get even worse

Now, the shortage of people leading to overworked stressed, and burned-out workers is the headline, but if you look at the reasons given in the article below, it’s not “just” that. It’s where that situation leads. When you’re short-staffed and constantly putting out fires, you don’t really take the time to think about showing appreciation, helping employees grow their skills and careers, or creating a diverse workplace.

Yet those are the exact things that employees are looking for elsewhere.

Appreciating and growing your employees is not something that is “nice to have” anymore. It’s a requirement.

Linked: Most organizations that paid a ransom were hit with a second ransomware attack
|

Linked: Most organizations that paid a ransom were hit with a second ransomware attack

Whatever you choose to do, though, the next step needs to be doing everything possible to make sure it doesn’t happen again instead of breathing a sigh of relief that you got your data back and continuing business as usual. That would seem to be the common mistake here.

Don’t make that mistake.

Security pros, where do you fall on the debate on paying or not paying, and does this report change your thinking?

Linked: Employees’ email still drives most of the data loss at organizations
|

Linked: Employees’ email still drives most of the data loss at organizations

A good chunk of these breaches are not someone actually trying to steal data, but just someone trying to either make something more easily accessible outside of the office or taking information when they leave related to things like contact information, maybe some documents they’ve written themselves that they want to keep, etc.

It’s likely that these folks aren’t actively trying to commit some sort of corporate espionage, they just aren’t really thinking about what they do. It might just be that the once-per-year required video just isn’t enough to make it top of mind every day.

Linked: Data breaches happen constantly and there are very little consequences
|

Linked: Data breaches happen constantly and there are very little consequences

This is the crux of the problem. Personal information is going to be breached, eventually. There is no 100% secure data. None. No business, government entity, non-profit, or any other place that collects and stores data is completely secure. The only true security for personal information is to not have it. To have not collected it or delete it once it’s no longer needed.

That is the radical re-think that is necessary. It’s also the complete opposite of everything these organizations have been taught and incentivized to do. If we are going to pass federal privacy laws, this should be the central theme.

Linked: Pandemic Leaves Firms Scrambling for Cybersecurity Specialists
| |

Linked: Pandemic Leaves Firms Scrambling for Cybersecurity Specialists

I’m not sure that these companies have done the math. If enough experienced workers in an industry do more than switch between competing offers but step away from the industry into a different career path, there will not be enough experienced workers to go around.

What are you going to do about that? Sit around with unfilled positions and cry about it, or get serious about raising up the next generation of cybersecurity talent?