Intelligent CIO Europe Issue 26 | Page 36

EDITOR’S QUESTION These shifts, including the widespread use of cloud and off-site networks, open up new vectors of risk and potential threats and attacks, that companies must keep on top of. Companies are also increasingly beginning to realise that focusing on supply chain security and third-party risk is key, as this is so often the cause of a breach. Ensuring that security staff are well trained in these areas is therefore of vital importance going forward. Along with cloud and supply chain, encryption and SecureDevOps are also a focus for many companies, so we expect to continue to see interest in SANS training courses that cover these areas, increase. Last but by no means least, we are finally seeing more companies beginning to invest in security awareness training. In the past, too often organisations and their security teams have perceived employees as the weakest link, without investing in properly training them to recognise security threats. Instead, companies have traditionally invested almost entirely in using technology to secure technology, ignoring the human side. What little training most organisations have done has been too technical and complex. Proper security awareness training requires simplifying security for people and reaching out to them in their terms. This is something that organisations are starting to do. www.intelligentcio.com