Despite the growing number of cyberattacks in most sectors, hands-on training and simulated testing, necessary to build cybersecurity capabilities are at infancy stages. One of the main challenges which contribute to the ineffective adopted approach to cybersecurity management is the lack of practical security training. For cyberattacks to be avoided, forecasted, and managed it is of paramount importance to raise the necessary practical skills using as training tools appropriate best practices, simulated environments, cyber ranges, test cases and scenarios, risk management, incident handlings, forensics methodologies and tools.
Apart from acknowledging the technical aspects of a security training, which are of course crucial, human, and behavioural aspects need to be included in these trainings since they are most significant. For example, analysing the attackers’ profiles will lead to better estimate the attacks potential or the effective implementation of security procedures will need to improve the secure behaviour of the employees. Behavioural change and socio-psychological models, like the social cognitive theory or the theory of planned behaviour, have been proven effective in other training concepts as they focus on how behaviour can be changed in everyday settings and situations. These models would thrive in a cybersecurity training concept as they would introduce innovative, but proven, methods to a new group of people.
To conclude, considering a holistic model in cybersecurity practical training will help the effectiveness of the training and will boost its applicability.
In order to enhance the existing efforts in practical cybersecurity training, we participate in the organisation of the Cybersecurity Hands-On Training (CyberHot) in Chania, Greece from 27/9/2021 to 28/9/2021. Join us at the beautiful island of Crete for a unique knowledge sharing experience! More information can be found here: https://www.cyberhot.eu/