The Growing Cybersecurity Skills Gap and What to do About it

Cybersecurity skills gap training blog. Cyber security concept

Cybersecurity attacks are growing at an alarming rate and companies cannot be complacent when it comes to preparing employees and protecting data. According to the Fortinet 2022 Cybersecurity Skills Gap Report, 80% of the 1,000 organizations surveyed experienced at least one breach within the last 12 months and nearly 1 in 5 experienced five or more breaches. Almost 40% of organizations suffered some breach that resulted in more than $1 million in recovery costs. The survey also found that 90% of organizations actively discuss cybersecurity with their boards and 77% have recommended increased headcount in IT and security. 

However, when it comes to hiring new cybersecurity talent organizations are hitting a big cybersecurity skills gap. According to the ISC Cybersecurity Workforce Study, the workforce gap for cybersecurity workers in 2022 was 3.4 million despite adding nearly half a million workers to the field in the same year. Additionally, organizations have recognized a need to train existing employees on cybersecurity threats, but they might not know where to start.

Importance of Cybersecurity Training for Employees

Adequate cybersecurity training for employees is crucial for modern businesses, as employees are often the first line of defense against various cyber threats. Cyber threats present themselves in many forms, including malware, ransomware, phishing attacks, and data breaches, and they can have serious consequences for businesses and individuals alike. Cybersecurity training can help individuals and organizations develop the skills and knowledge they need to identify and prevent these threats, as well as to respond effectively if an attack does occur. Common cybersecurity training topics for employees might include password security, identifying phishing scams, social engineering, and understanding malware. 

There are many different approaches to cybersecurity training, depending on the needs and goals of the organization or individual. For example, some organizations may choose to provide in-person training sessions or workshops, while others may prefer virtual training cybersecurity courses or webinars. Some training programs may be focused on general cybersecurity best practices, while others may be more specialized, covering topics such as incident response, data protection, or network security.

It’s important to note that cybersecurity training is not a one-time event, but rather an ongoing process. Cyber threats are constantly evolving, and it’s important for individuals and organizations to stay up to date on the latest threats and best practices. This may involve regularly revisiting and updating training materials and programs, as well as staying informed about the latest trends and developments in the field.

What are best practices for cybersecurity education and how do you provide accessible training? Skytap recently hosted a webinar with cybersecurity expert NUARI to understand how it is utilizing virtual IT labs to deliver training.

Norwich University Applied Research Institute (NUARI)

Norwich University Applied Research Institutes (NUARI) is a 501(c)(3) non-profit that has been a global leader in developing cyber war gaming, distributed learning and simulation technology, critical infrastructure exercises, and cybersecurity curriculum. NUARI studies and identifies solutions to critical national security issues and is partially funded by the U.S. Department of Homeland Security and the U.S. Department of Defense. The organization is co-located with Norwich University in Northfield, VT and offers hands-on training courses for the military, government organizations, companies, and both undergraduate and graduate programs.

Tom Paulger, a Cybersecurity Expert at NUARI who develops and teaches courses, joined Skytap for a webinar on cybersecurity training best practices. Listen to the full webinar recording here or keep reading for a recap of the insights shared.

Cybersecurity Skills Gap Education and Training

NUARI comprises three research institutes that focus on cybersecurity education and training:

  • Cyber Conflict Research Institute (CCRI): Conducts applied research and actionable exercises with the end goal of assuring U.S. critical infrastructure and intelligence in the event of cyber attacks.
  • Learning Technologies Research Institute (LTRI): Aggressively explores new approaches to delivering cyber education and content using simulations, interactive games, and case studies.
  • Defense Technologies Research Institute (DTRI): Executes research and development activities resulting in rapid prototyping and fielding of man-portable technologies that expand warfighter capabilities.

NUARI also helps support FEMA through the National Cybersecurity Preparedness Consortium (NCPC), which is a group of five universities that work together to propose, develop, and deliver cybersecurity courses. NCPC offers a variety of cybersecurity-focused courses both in-person and online to a wide audience including law enforcement, local government, and some private sector companies.

In addition to conducting research on cybersecurity, developing tools to combat threats, and conducting cyber exercises and training for the military and other government organizations, NUARI offers a variety of educational and training programs. Norwich University offers undergraduate and graduate degrees in computer science, and over the years started offering computer security degrees as well to to keep up with growing demand in the workforce. NUARI supports the university through online lab courses for online programs and as the lab component for in-person cybersecurity degree programs.

The Role of Virtual IT Labs in Cybersecurity Training

NUARI uses Skytap Virtual IT labs, a solution for creating virtual classrooms and hands-on labs, to support its cybersecurity education and training efforts. As a part of the online graduate program it supports, NUARI needed a solution to offer hands-on, virtual training that students all over the world could access. NUARI selected Skytap Virtual IT Labs as its solution due to global availability, easy instructor access and controls, and ability to build and re-use course templates. 

In the webinar, Tom notes that with Skytap “one of the big advantages is a lot less complication of messing around with the computer to get the lab to work” because the lab is delivered through a web browser. Oftentimes an inhibitor to conducting training is the extensive setup and delivery of the course material. Skytap makes this easy by allowing for templates that can be reused and the ability to quickly generate a unique link for each learner to use. 

Hands-on lab training through a browser allows:

  • Quick set up for both students and instructors 
  • Students to interact with real simulations and use problem-solving skills
  • Students to learn how to use a new software or tool
  • Instructors to quickly see the results of student work
  • Real-time feedback between instructors and students
  • Cost savings due to no additional equipment needed, students and instructors only need a web browser 

Virtual labs provide learners with access to virtual spaces and software environments that accurately simulate real-world IT scenarios. These labs are increasingly utilized to help train employees and IT professionals in cloud computing, network security, as well as general software development. Learners in virtual IT lab environments can experiment with different configurations and settings in a safe and controlled environment and only need a web browser to access the platform. Using virtual lab technology, companies can create simulated environments that replicate the types of scenarios and challenges that their business or industry typically faces.

Tom also discusses how a common issue he finds with employee cybersecurity training is unrealistic expectations from management. He recalls a time when a manager wanted to be able to prevent cyber attacks entirely through a training course for employees. Tom explained, “You are going to get a cyber attack or ransomware sooner or later. The answer is how do you prepare yourself to recover from that incident.” Cybersecurity training is essential for not only the employees, but also for the organization to have a process and procedures in place to respond to and recover from a cyber threat. Virtual IT labs are a key tool for employees to use in their training in order to go through realistic simulations, rather than a static online course that only features multiple choice questions. 

Learn more about cybersecurity training using Skytap’s solution

Organizations like NUARI are on the front lines when it comes to trying to narrow the cybersecurity skills gap and offer training for companies of all sizes. Effective cybersecurity skills building includes both education on potential threats and hands-on training on how to combat the threats. Tools such as virtual IT labs can help make this training simple and effective for employees. Read more about how NUARI uses Skytap Virtual IT Labs to conduct hands-on cybersecurity training

Join our email list for news, product updates, and more.