Lean Into Learning: Cybersecurity Awareness Month 2022 Edition

The fast-changing and increasingly threatening state of today’s cybersecurity landscape is on every security professional’s mind – and rightfully so. According to ISACA’s new State of Cybersecurity 2022 report, 43% of organizations are currently experiencing more cyberattacks compared to last year. Just 9% are seeing this number decrease.

Defending against the wide slate of emerging threats requires awareness and buy-in from more than just the infosec community, however, and Cybersecurity Awareness Month is the annual reminder that we all play an essential role in this effort. With the rise in hybrid work, proliferation of technology, and more loose ends to secure than ever before, Cybersecurity Awareness Month 2022 is aptly focusing on the “people” component to ensure all individuals and organizations make smart decisions whether at work, home, or school.

This year’s theme is “See Yourself in Cyber,” and per the Cybersecurity & Infrastructure Security Agency (CISA) and National Cybersecurity Alliance (NCA), this boils down to all individuals doing their part to safeguard the organization no matter their title, discipline, or department. In light of this and as a company that is transforming how organizations train all parts of their workforce to effectively mitigate risks, we explored the latest trends in cybersecurity learning in the enterprise. Here’s what we found.

Data is a powerful tool, and in many cases, it can be eye-opening, tell a story, and drive decisive action. For instance, IBM Security found that the average cost of data breaches has reached an all-time high this year at $4.35 million. Meanwhile, Verizon’s 2022 Data Breach Investigations Report noted that 82% of breaches involve the “human element,” such as falling for phishing. Phishing, uncoincidentally, is the number one delivery vehicle for ransomware, which has seen a 13% year-over-year increase – a rise as big as the past five years combined.

This data isn’t meant to incite panic, but rather underscore the fact that cybersecurity is an unwavering, pervasive challenge. Moreover, the human element continues to present significant risk.

Building a culture of security is essential to reducing human error. For small and large organizations alike, this is no simple feat. It’s a continuous journey that requires planning, dedication, company-wide buy-in, ongoing assessment, and most importantly, training and education.

Positively, Skillsoft is witnessing organizations and employees place a bigger emphasis on workforce-wide security awareness and skills training. Comparing consumption of Skillsoft’s cybersecurity training content in the first half of 2022 to 2021, we observed a 21% increase in total number of hours spent across organizations and a 24% increase in the number of hours spent by each learner on average. Furthermore, learners spent 11% more hours on cybersecurity compliance training, indicating that organizations are mandating more from employees to avoid the risk of regulatory sanctions.

For the second consecutive year, the top five industries that are making cybersecurity learning and development a priority are:

1. Business services/consulting
2. Banking/finance
3. Manufacturing
4. Telecommunications
5. Government/military

Looking at this through a slightly different lens based on industries with the greatest YoY increase in the number of learners consuming security content, we see hospitality taking the top spot (1,359%), followed by banking/finance (598%), construction (439%), manufacturing (374%), and healthcare (321%). The manufacturing industry’s increased attention to cybersecurity is particularly noteworthy and can be attributed to the SolarWinds hack and continued presence of supply chain attacks.

A solid culture of security thrives and succeeds when employees are educated and enabled. Training significantly benefits individuals and their organizations and is a key component to warding off human error threats such as phishing.

The training content that learners are searching for and engaging with can tell a lot about their interests and levels of competency, as well as potential skills gaps within the organization. Couple this with targeted skills assessments and you can get a comprehensive view of the areas where it makes sense to dial up or down upskilling efforts.

For example, when learners first begin their journeys with Skillsoft, they’re asked to select the skills they’re most interested in improving. Among cybersecurity-related domains, the top selections in 2022 have been:

1. Information security
2. Core security
3. Analyst
4. Secure architectures
5. Security operations

Interestingly, core security – which covers the fundamentals of cybersecurity such as phishing / anti-phishing, multi-factor authentication, and password management – now ranks second on the list. The steady, YoY rise correlates both with an increase in employees’ attention and awareness of security and organizations mandating more from the workforce to ensure they all understand the role they play in protecting the broader ecosystem.

Skillsoft offers a wide breadth of content that appeals to, and is effective for, both learners with a limited cybersecurity background, and those who either hold technology-focused roles or need to take a few specialized classes or earn a new certification. In light of this, looking at the top five cybersecurity-related search terms amongst our learners this year, high-level searches – “cybersecurity” and “security” – rank second and third on the list. Meanwhile, CISSP (Certified Information Systems Security Professional) takes the first overall spot, with CompTIA Security+ and CISM (Certified Information Security Manager) ranking fifth.

This search demand indicates that security professionals are heavily utilizing certification prep materials – ranging from courses and books to test preps and hands-on labs. Additionally, Skillsoft’s list of the 15 Top-Paying IT Certifications in 2022 shows that all but one involve a cybersecurity component. The demand for these skills is evident with multiple cybersecurity certifications earning IT professionals at least $150,000. Adjacent skills are also essential for security professionals as they need to protect all aspects of IT and Dev in an organization.

Companies are looking to the cloud to cut costs, reduce security risk, and improve efficiency across the enterprise. These transformations have been happening in greater numbers in recent years as the nature of work has changed for many. This upward trend in cloud migrations and adoption of cloud services has increased demand for cloud-related skills and certifications. Skillsoft’s 15 Top-Paying Certifications of 2022 list shows that two of the top three certifications are cloud-oriented.

With the move to the cloud also comes complexities of modern application development and security, requiring new skills across the workforce. This in mind, diving into our data mines further and exploring the most completed cybersecurity courses in 2022, we see application and cloud security-related content ranking in four of the top five spots.

Furthermore, looking at the badges Skillsoft has issued this year to learners completing courses and sharing results on social media as personal records of achievements, we observed a nearly identical list, with one difference at the fifth spot: IT Security Fundamentals.

From a compliance perspective, among the most-completed courses so far this year, many of the topics align with this year’s Cybersecurity Awareness Month themes (multi-factor authentication, password management, software updates, and phishing).

As any IT leader looks at the scope of a transformation of core business services or architecture, it's important to ensure the team that will propel these projects forward is prepared at every step. For many, these courses are an essential step toward realizing those objectives.

Cybersecurity Awareness Month is an important, annual reminder that, as an industry, we must focus our collective efforts on addressing security issues and spreading awareness and education. After all, a strong security culture depends on ongoing education. With continued investment in education, it's possible to build a transformative training program that influences lasting change.

Steps for achieving this goal include:

• Broaden security efforts by expanding education throughout your organization;
• Leverage innovative, experiential learning involving storytelling and roleplaying strategies;
• Ensure your training includes education about security matters relevant to learners’ lives inside and outside of the workplace;
• Structure training to maximize retention via short bursts of learning experienced through a multitude of modalities; and
• Repeat, repeat, repeat.

Do you see yourself going even deeper in cyber? Check out Skillsoft’s Cybersecurity Career Journey! Start pursuing new skills, senior-level certifications, or a new job role today.