Not a single day goes by without a devastating security breach affecting someone, somewhere. In the first six months of 2019 alone, over 4 billion records around the globe were exposed due to easily preventable data leaks. The number of breaches is already up a whopping 54 percent from last year. Recognizable companies hit by such breaches include Capital One, Citrix, LabCorp, Toyota, and Facebook.
The most common takeaway is that organizations are slipping when it comes to proper security defense, while malicious hackers have become too sophisticated and adaptable for recurring threats to be prevented. However, if you take a few steps back, you will find that fundamental security knowledge, although vital, is severely lacking from the very cradle – or college campus.
Missing cybersecurity syllabus
Top white-hat hacker Jack Cable notes that “universities are partly to blame” for what seems to be increasing organizational unpreparedness and the prevalence of poor security practices. Indeed, among the top 20 computer science schools in the U.S., only one lists a security course as a core requirement. Another 2016 study showed that only 1 of the top 36 computer science programs in the country required a cybersecurity course for graduation, and 3 of the top 10 programs offered no cybersecurity classes at all. In 2018, the professional association ISACA found that 61 percent of organizations believed that fewer than half of all applicants for open cybersecurity positions were actually qualified for the job.
Theory but no practice
Even when educational institutions do include cybersecurity within the curriculum, the most common complaint is that it tends to over-emphasize theory and book learning, leaving students with a shortage of hands-on, practical skills. The cybersecurity training nonprofit organization U.S. Cyber Challenge notes, “the common thread across the most effective public, private, domestic, or international cyber workforce training programs is hands-on, applied learning methods.”
While some propose standardized courses that would teach the basics of building secure software, including common security vulnerabilities, secure coding practices, and application security, others have found success by incorporating cyber ranges and cybersecurity competitions that mimic real-world environments and enable participants to “build practical skills while also improving their ability to work as teams in fast-paced, adversarial environments.”
Avatao addresses the gap
Given the shortage of nearly 3 million cybersecurity experts around the world, most of our clients come to us facing similar challenges: too much theory, ineffective or insufficient classroom-style learning, and not enough assurance in secure coding skills. “Companies are struggling to find and hire qualified staff, whereas traditional training methods are simply too costly and time-consuming,” says Avatao CEO Mark Felegyhazi. Avatao’s first-of-its-kind security training platform was launched within a university environment and is therefore adept at addressing and filling security gaps most commonly found among developers and engineers. “We developed a platform that’s fun, intuitive, and engaging – but also rigorous and powerfully equipped to teach secure coding to a wide variety of individuals.” Mark also highlights that CTFs and hackathons are widely sought after by clients as “introductory events” that “probe existing knowledge” and “generate enthusiasm” among developers for future learning.
It’ll take some time before cybersecurity is fully ingrained across computer science curricula, which pushes companies to search for alternative solutions in the meantime. Whether it’s through traditional learning, workshops, or hands-on training via online platforms – invest in your fresh graduates and existing employees. They’re your first line of defense.