Small, mid-sized, and large corporations face an existential threat online as hackers craft new ways to breach systems and steal off valuable and sensitive data.
According to cybersecurity reports, upwards of 88 percent of organizations had at least one brush with a phishing scheme, and 68 percent of businesses fear cybersecurity risks continue to rise. Given that 36 billion digital assets were reportedly exposed in 2020, business leaders are increasingly looking to a Managed Services Provider (MSP) for online protection.
With cybersecurity budgets expected to exceed $170 billion in 2022, MSPs would be wise to invest in ongoing training and education. An MSP can only say, with confidence, their frontlines professionals are experts if they are prepared to identify and address emerging threats. That’s why the advice from these cybersecurity experts about coursework and training could prove invaluable to preventing hacks and increasing an MSP’s client base.
Cybersecurity Training Must Reflect Evolution of Hacking Schemes
Mark Hicks founded Mathe in 1990, and his accumulation of knowledge has been a driving force behind the New Jersey-based IT firm. With more than 30 years of experience, Hicks recognizes that cybersecurity threats happen in an instant. People teaching MSP professionals must also be keenly aware of how quickly things can change.
“Cybersecurity has evolved into what can best be described as a multi-headed Hydra versus a silver bullet. Thirty years ago, when networks were not interconnected, you still had cybersecurity threats with viruses that could be spread on disks. Having simple security protocols and an Antivirus was enough,” Hicks reportedly said. “In the early IT days, cybersecurity was more static. Most heard of a virus that had been released into the wild months before the date when it was supposed to activate because of the speed of distribution and the connectivity. Now more than ever, we have to approach cybersecurity from a zero-trust approach with the best tools and discipline we can and always keep up to date.”
MSPs Need To Ask Questions About Cybersecurity Education
Ashu Singhal, president of Virginia-based Orion Network Solutions, earned a master’s degree in computer systems and networking telecommunications in 2000. He also earned nearly a decade of experience by developing Orion Network Solutions into a leading IT consulting firm. His advice revolves around knowing your needs as an MSP and vetting educational resources before investing company time and money.
“First, figure out what your goal is. Are you looking for increasing your knowledge, or are you looking for certifications to be used on resumes? There are lots of training courses that are more check the box kinds. So, be wary of those. If they are associated with some accreditation bodies, the better,” Singhal reportedly said. “Generally, if a course is charging some minimal fee and has been around for a while with reviews, that is a great find. If you are on a tight budget and want to start with free courses from Udemy or Coursera and the like, look at the trainer bios. If the trainer has been in the security industry for a while and associated with few certifications and has practical industry experience, all the better.”
To that end, Michael Anderson of 365 Technologies may be a go-to resource.
“I’m just starting the Certificate course in Cybersecurity fundamentals at York University in Toronto, with a goal of writing the CISSP in the next 12 months,” Anderson reportedly said.
How To Ensure A Cybersecurity Course Meets Your Needs
Guy Baroan, president of Baroan Technologies, has been delivering top-tier IT services for more than two decades. He founded Baroan Technologies in 1997 as a one-point-of-contact firm. He recommends that MSPs ask pointed questions about the cybersecurity training resource. The following are questions Baroan reportedly says he would ask in your position.
- Who is offering the course, their level of awareness, and history in the education and cybersecurity space?
- Can anyone start the training, or do you have to have a certain level of experience?
- How much is it?
- Have others been able to secure work when complete?
- Is it following a standard? If so, which one?
- Can the information be used both personally and in business?
- Do they offer real-world scenarios, provide details on how to leverage tools?
- Do they offer different areas of cybersecurity such as pen-testing, encryption, phishing, vishing, social engineering, and other areas?
- Do they offer work placement assistance?
- How long is the training good for?
- Do they offer the capability to come back for updated training?
- Do they offer a certificate of completion?
Echoing some of Baroan’s sentiments, Mike Shelah of Advantage Industries emphasizes outcomes. While certification can be gotten by merely showing up on a videoconferencing call on time, knowledge requires acquiring knowledge and skills.
“There are multiple cybersecurity training services available. They all perform similar functions, such as a monthly quiz, monthly video, and fake phishing attacks. What really differentiates is the human follow up,” Shelah reportedly said. “For example, if your company has 50 employees and only 40 people take the test, then the 10 that did not test become the biggest security risk to your business. Our practice is to review the monthly performance of each client, identify those employees that did not take the test, failed the test, or fell for the phishing attempt. We target these employees and provide additional focused training.”
If you are a decision-maker at a startup MSP or plan to increase your cybersecurity footprint, it’s essential to invest in courses that further your goals. That typically includes those of your current and future client base. It may be worthwhile to reach out to a seasoned cybersecurity expert for advice.