The Silent Majority

From Cyber Awareness to Cyber Professional Awareness!

Yosi Shneck

5/19/2023

The term "Silent Majority" was and is used over the ages for different purposes and associations by people of culture, politicians, prime ministers, presidents, and others.

I will use the term Cyber Silent Majority to describe the groups of people (our employees, our families, our colleagues) who are not cyber experts, cyber managers, or cyber fans, but who have the most considerable influence on our cyber sturdiness and resilience.

Looking at the various expected trends in 2023, we are witnessing significant growth in organizations' digitization, cloud-based activities, and use of external services. In parallel, a considerable increase in cyber threats and the cyber-attack surface is expected.

Those trends are realized in various cyber adversaries' activities such as identity and MFA compromises, spreading of ransomware to the cloud, leveraging the cyber force by AI usage, software supply chain attacks, and APTs in the ICS and OT industries.

Despite the trends described, the cybersecurity workforce gap is one of the biggest challenges globally. According to the (ISC)² 2022 Cybersecurity Workforce Study, the gap is estimated at 3.4 million cyber personnel. A more concerning issue is that the study carried out by (ISC)² in 2018 estimated the gap at about 3 million cyber personnel; the gap has not closed despite the entry of hundreds of thousands of cyber professionals and the automation of cyber processes.

Cyber awareness has, for a long time, been one of the key success factors for cyber defense and resilience. The traditional cyber awareness activity focuses on eliminating human cyber errors as "cyber ignorance," providing basic cyber threats knowledge and behavior to the public and employees.

We must leverage cyber awareness to what I call "Cyber Professional Awareness." Cyber professional awareness will add to the traditional organizational awareness subjects like professional knowledge of IOCs, understanding of processes, systems, and vulnerabilities, knowledge of cyber tools usage, and knowledge of recovery mechanisms and processes. It will "wake up" the silent majority and make all the employees more active, involved, and caring.

The investment and effort in educating and building the cyber professional workforce must continue, but "Professional Awareness" will change the equation and significantly reduce the cyber workforce gap.

The cornerstones of "Cyber Professional Awareness" are:

a) Continuous cyber assessments and gap analysis. The results should be transformed into informative, study, and training materials provided periodically to all the organization levels and employees.

b) Facilitating periodical cyber training and drills based on previously mentioned knowledge for non-cyber professionals.

c) Implementing the employee cyber professionalism elements in the business and operational processes and procedures.

d) The activation of employees in cyber activities during the routine, crisis, and recovery periods as a part of their duties and obligations.

The Cyber Professional Awareness methodology also plays an essential role in cooperation, knowledge sharing, and combining business and operational knowledge with cyber knowledge, an element missing in many organizations.

Changing traditional cyber awareness to cyber professional awareness is a force multiplier for any organization and cyber activity.

Let's wake up and mobilize the silent majority to actively address one of the significant challenges of the digital world in 2023 and the years to come.