Cyberbit survey shows various training deficiencies in India

Oct 13, 2020

New Delhi [India], Oct 13 : A new survey by Israel-based Cyberbit shows that nearly 61 per cent of Indian organisations still do not have well-structured cybersecurity training modules for their employees and mostly rely upon on-the-job training (mentoring, peer review) for their security operations team.
The survey also brought to light the fact that more than 90 per cent of organisations are not exposing their cybersecurity teams to the MITRE ATT&CK framework, a comprehensive collection of various attacker behaviours displayed across the cyberattack lifecycle.
Only 32 per cent of companies are aligning their training to MITRE, creating a gap in experience measurement that could be critical in incident response.
The survey also showed that 89 per cent of organisations still rely on classroom training, external certificates and tabletop exercises that emphasise theory and have limited practical exposure.
These approaches are great to develop knowledge but do not prepare SOC teams with the practical skills required for the experience of a real-world attack. Interestingly, 11 per cent of organisations have deployed a cyber range that exposes SOC teams to simulated cyberattacks.
The findings also indicated that 77 per cent of cybersecurity professionals are working remotely. Organisations know they need cybersecurity training but are not implementing any effective training, creating an even larger need.
According to a study by Data Security Council of India, the country needs 10 lakh cybersecurity professionals. India's qualified candidate count currently stands around one lakh.