A recent report highlights the need to invest in human capital when designing a robust system to protect against cyberthreats. Investment in the technological aspect of security alone is insufficient if it is not accompanied by a strategy that focuses on human capital.
This perspective, which is becoming increasingly widespread in the specialized general public, is based on the realization that investment in the technological aspect of security, although a fundamental factor, does not by itself solve the serious incidence of cybercrime in the information systems of the different productive sectors. For this reason, organizations such as the European Union Agency for Cybersecurity (ENISA) focus on human capital as an essential dimension to be incorporated in cybersecurity.
The urgency and relevance of such a perspective is endorsed by initiatives such as the Cybersecurity Skills Conference held on September 21th and 22th in Segovia, dedicated entirely to this important aspect. Among the points discussed was the conviction that suitably prepared human capital is indispensable for detecting, stopping and defending the structures that make up the social and productive bases of all the countries that are part of the EU project from cyberattacks.
Cybersecurity as a profession
This point must be understood from the alarming data provided by statistics. In the European Union alone, in 2022 it was estimated that between 260,000 and 500,000 cybersecurity- related jobs were not being filled. According to INCIBE, in our country the number of professionals needed in cybersecurity was 63, 191 jobs,while in 2024 it will exceed 83,000, while the number of professionals needed in this field was established at almost one million.
Among such figures, there is also the worrying fact that only 20% of people trained in cybersecurityarewomen, showing a clear gender imbalance in this area. The seriousness of the situation is accentuated if we consider not only jobs that require technical training and specific experience in cybersecurity. The current shortage of professionals that makes it difficult for them to be adequately covered may be a cause, but not the only explanation, of the risk that companies run when it comes to being victims of a cyberattack.
Awareness and training of human capital in enterprises
Regarding human capital as a digital security gap in companies, it is also essential to address the formidable evidence that the origin of a large part of cyber-attacks lies in the lack of awareness and training of personnel not directly trained and specialized in cybersecurity.
All personnel who use information technology in the performance of their duties, and who do not work directly in an IT department, are also a key vector for companies to introduce into their cybersecurity strategy.
The findings of the reports in this regard demonstrate the indispensable value of including awareness and training programs that cover the entire work force of an organization. Studies show that, on average, more than 30% of employees fail the safety tests to which they are subjected.
In addition, there is a significant increase in the capacity of cybercrime (from 40 million in 2022 as a monthly average to almost 200 million at the beginning of 2023) to carry out brute force attacks targeting the weakness of passwords used by a company’s staff, or greater accessibility to phishing tools (EvilProxy or NakedPages are behind more than one million fraudulent messages per month).
This leads to a substantial increase in the probability of becoming a victim of a security incident. It is for this reason that the appropriate preparation of all personnel in matters related to cybersecurity should not be neglected,especially when it is noted that 74% of attacks are related to the human factor. As we can see, extreme sophistication is not necessary to perpetrate malicious actions through technology, so, in addition to the essential technical protection resources, human capital must be considered as a basic element in cybersecurity.
CISO as a Service
Knowing that most of the attacks take advantage of the error, ignorance, and lack of preparation in cybersecurity issues by most of the staff of an organization, in JakinCode we have designed awareness and training tools that allow proper training for the detection of phishing, social engineering, smishing, or vishing.
Along with this, we also have a CISO as a Service service that allows companies that wish to do so to incorporate outsourced human capital specialized ad hoc in cybersecurity. In this way, the services we provide respond to the security breach which, as we have seen, is a widespread concern.
JakinCode designs an Awareness and Training Plan tailored to your organization