By Max Vetter 

People are the most important piece in the cybersecurity chain. So, what skills do they need, and more importantly, how can they develop them?  

In an alarming trend, ransomware incidents amongst financial institutions have hit a three-year peak.   

When threats of this magnitude increase, there is a tendency for the finance sector to react by pouring funds into cybersecurity tech in the quest for greater cyber resilience. However, it’s foolish for finance leaders to neglect the fact that a well-trained workforce can become one of the best “firewalls” against attacks, if given the right cyber capabilities.   

It doesn’t matter how much money is spent on technology: if employees can’t use the tech or are otherwise not prepared for a cyber attack, the business remains vulnerable. Investing in sharpening your team’s cyber skills is key to fortifying your resilience strategy. What strong cyber resilience actually means is an entire workforce capable of defending itself.

Investing in the cyber skills revolution 

With cybersecurity now a key component of organisational resilience, it’s no longer just the security team’s problem but a company-wide issue. Despite the growing importance of cybersecurity, making it a shared, company-wide problem remains a significant challenge.

While 65% of directors anticipate a major cyberattack within the next twelve months, nearly half concede that their organisations are underprepared. More needs to be done to upskill the entire workforce, including the board, to effectively prepare for, and respond to, threats. Too many businesses lack the robust metrics for assessing and developing the cyber skills of their workforce. 

Companies have previously leaned on traditional security training, delivered in classroom-style settings; however, this approach simply does not work. It fails to engage employees effectively or foster lasting behavioural change. Instead of being a genuine learning opportunity, such exercises are a check-box activity and not a good use of time, not least because cyber crises involve teams working together – not just a set of individuals.

Effective training must reflect real-life scenarios, so that trainees are left ready to approach real-world cyber threats with skills that can be truly tested and enhanced.

This new breed of cyber resilience training is gaining popularity, offering hands-on, live fire drills that assess real cyber capabilities and prove them to leadership. This new approach to cyber exercising offers a more effective way forward to build and prove a workforce’s actual ability to defend against threats. 

5 Effective Ways to Build a Human Firewall 

To take advantage of this revolution in cyber skills development and training, organisations should implement the following strategies:  

1. Build a people-centric cybersecurity culture

People cannot be updated like software; they need to be constantly educated and made aware. Nurturing a culture of continuous learning will override complacency and lead to a robust organisation that can defend against evolving cyber threats and secure the financial organisation’s digital presence.

2. Conduct regular exercising, not one-offs 

Training is not a single task to be completed and forgotten; it needs to be continuous. Keeping on top of relentless waves of attacks is a work in progress. Regular exercises, conducted company-wide, are the only way to stay on top.

There must be a sustained commitment to cultivating a robust cybersecurity ethos via targeted, strategic action. Cybersecurity education shouldn’t be a mere formality or a one-time affair. It must be continuous and adaptive, evolving in tandem with the constantly shifting threat environment.  

3. Overcome overconfidence

Complacency is a mortal failing against dynamic cyber threats. Cybercriminals are constantly refining their strategies, and every team member needs to stay on top of the latest tactics. It requires a complete change in mindset from “I already know this stuff” to “I need to do all I can to stay on top.” 

4. Prepare for before and after the boom

Achieving cyber resilience involves ensuring the workforce is prepared for every phase of a cyberattack. The initial phases of an attack are not usually the problem for organisations; it’s the critical “after the boom” stages.

These later stages, including responding to and recovering from attacks, usually lift the lid on how prepared an organisation is. The skills required during these moments extend beyond mere technical know-how and demand effective communication, strategic decision-making, and thorough business continuity planning.

5. Tailor cyber exercises to individual roles and responsibilities  

Effective cyber defence necessitates engaging training programmes that encompass every level of the organisation – customised by role – and provide data to demonstrate skills strengths and weaknesses.

Training exercises should be comprehensive, role-tailored, and most importantly, rolled out company-wide. In particular, financial decision makers and those with direct access to payment systems and data are prime targets for attacks and should be prioritised in development plans. 

Upskilling the workforce 

Embracing a people-centric cybersecurity approach transforms our workforce into a dynamic firewall, armed not just with technical tools but with the adaptability, communication skills, and confidence to face down cyber threats. This approach champions adaptability, turning each challenge into a lesson and fostering a culture where learning from mistakes strengthens our defences. It underscores the importance of effective communication for a unified response in times of crisis and builds confidence across the team, blending technical skill with emotional resilience. 

By viewing cyber threats as opportunities for growth, we cultivate a mindset of continuous improvement, ensuring our human firewall is ever-vigilant, ever-evolving, and always a step ahead. This holistic strategy not only leverages technology but also empowers our people, making them our strongest asset in cybersecurity resilience. 

About the Author 

Max Vetter is the Vice President of Cyber at Immersive Labs. He has over 15 years’ experience in the cyber industry. Having studied astrophysics at university, he moved into a role in the Met police targeting industrial and commercial crime. He specialised in internet investigations into darknets and cryptocurrencies. He also taught at the GCHQ summer school, educating the students on reverse engineering and ethical hacking.
