As the cyberthreat landscape becomes increasingly complex, organizations are seeking new talent from different sources to address their IT shortages.
At the Becker's Hospital Review 6th Annual CEO + CFO Roundtable Nov. 13 in Chicago, Willis Towers Watson's Brian Warszona, vice president, and Tracey Malcolm, future of work leader, discussed the intersections of cybersecurity and employees.
"Our organizations are changing in terms of the jobs that are required … I don't know if you can think in your organizations of the type of roles that are changing — the increase in devices in your environment, data management is increasingly part of hospitals support — new roles that are really stretching the boundaries for organizations as far as how you manage talent," Ms. Malcolm said.
But also, the threat landscape is evolving, and employees need to be more vigilant since they are the most frequent cause of malware infiltrating a system — and this is often accidental.
"The No. 1 way that [ransomware] is actually transmitted is through the phishing emails. This is actually saying that the employee or an actual individual inside had to click on something, thus giving that particular malware access to the computer and the computer network," said Mr. Warszona.
As organizations move to implement new technologies that address cybersecurity, improve employees' workflows and automate processes, Ms. Malcolm and Mr. Warszona argue organizations must rethink how they train current employees as well as how they source new talent. According to Ms. Malcolm, organizations should consider outsourcing cybersecurity contractors since hiring an internal expert can be a lengthy process taking upwards of 18 months. She added that building awareness and being very clear with employees as to what the organization values in terms of cybersecurity is also crucial.
"Information security work is different than any other types of work occurring in your organization, and you have to recognize that," Ms. Malcolm said. She added that protecting data is no longer up to just the IT department. Instead, it is a responsibility of every employee.