Cisco tackling human element of security with cyber training course
With one of the most commonly cited threats to an enterprise being the human element, the Australian arm of Cisco is investing in cyber-focused courses to bring people up to date with the role they can play in preventing an attack.
Speaking with ZDNet, Anthony Stitt, GM of Security for Cisco in Australia and New Zealand, explained that Cisco's Introduction to Cybersecurity course focuses on how to protect personal data and privacy online and in social media, and explores why more jobs are requiring cybersecurity awareness and understanding.
Given the Cisco business has been successful in the Australian market to date, Stitt said such training is a way of "giving back". In addition, it is also an investment the company is making to help manage not only cybersecurity, but IT in general.
"There's a payback for us I guess in future years in terms of bringing people into the space," he added. "If we don't have the right level of skills, companies can't and won't invest -- they might potentially go offshore and not only is the Australian economy the benefactor of keeping those skills here, but organisations like Cisco are also benefiting."
Edith Cowan University in Western Australia has seen over 1,000 graduates leave the university with a degree relating to cybersecurity since 2011, but it estimates there will be a shortfall of more than 1.5 million cybersecurity professionals around the world by 2020.
It also noted recently that almost 20 percent of cyber positions in Australia will go unfilled due to a lack of trained professionals.
According to Stitt, Cisco's is looking to have cyber-related training extend past tertiary education and show those in unrelated careers that they too can pick up useful skills.
While 70 hours of coursework may appear to only touch the surface, Stitt said it also explores incidents such as malware and ransomware, which he flagged as being the most prevalent attack vector in Australia.
"There's a couple of areas where organisations are still experiencing some trouble -- malware continues to be a problem -- and the role that people play in the malware problem," he explained.
"Often it's at least a two stage attack; normally you'd need for the technology to fail as well as a human to fail for an attack to be successful, in general terms, but usually it's a combination of those two things.
"So very often we're struck by the role users play in their own demise and I think it is possible to move the needle here both from a technology perspective and from a user awareness training perspective."
In order to fix this concern, Stitt wants the occurrence of malware to be assumed, not feared, within an organisation.
"Whether it's ransomware or other forms of malware, it is normal but many organisations don't treat it as normal," he explained.
"They treat it as an outlier event when if they treat it as normal they would organise themselves around responding to the threat a little bit differently -- they would certainly focus more on early detection and clean up than some do now because if you do focus in that area, then you can catch the stuff that gets through and do that in a reasonable amount of time."
The cyber-focused training comes by way of the Cisco Networking Academy, which the organisation has been running since 1997. In addition to the cyber classes, Cisco also launched Internet of Things, NDG Linux, and entrepreneurship-focused training courses.