EDITOR’S QUESTION
These shifts, including the widespread use
of cloud and off-site networks, open up new
vectors of risk and potential threats and
attacks, that companies must keep on top of.
Companies are also increasingly beginning
to realise that focusing on supply chain
security and third-party risk is key, as this is
so often the cause of a breach. Ensuring that
security staff are well trained in these areas is
therefore of vital importance going forward.
Along with cloud and supply chain,
encryption and SecureDevOps are also a
focus for many companies, so we expect
to continue to see interest in SANS training
courses that cover these areas, increase.
Last but by no means least, we are finally
seeing more companies beginning to invest
in security awareness training. In the past,
too often organisations and their security
teams have perceived employees as the
weakest link, without investing in properly
training them to recognise security threats.
Instead, companies have traditionally
invested almost entirely in using technology
to secure technology, ignoring the human
side. What little training most organisations
have done has been too technical and
complex. Proper security awareness
training requires simplifying security for
people and reaching out to them in their
terms. This is something that organisations
are starting to do.
www.intelligentcio.com