The cyber threat landscape has never been as fast-moving as it is today, with attacks growing seemingly more sophisticated by the hour. With cyber-attacks grabbing headlines, many organisations are scrambling to bolster their cyber security teams while simultaneously educating their workforce on cyber security programmes and raising awareness of these threats across the business.

One of the primary issues taking centre stage is the cyber security talent crisis. Hiring highly experienced cyber security staff is more difficult than ever. As a result, organisations are looking within their workforce to see how they can upskill staff while enhancing their education programmes and security policies.

Lexmark is a leader in this space, as we have adopted a hybrid approach for addressing cyber security. Internally, Lexmark seeks employees with experience throughout the business but have an interest in cyber security. Externally, we source third-party experts with high-security IQ and integrate them into the organisation. Offering this fresh perspective means that we can enrich our entire business across all departments and levels. This blog will delve into Lexmark’s cyber security journey and how we view the future cyber security workforce.

Lexmark and cyber defence

As a leading provider of printing and imaging solutions, protecting our customers’ sensitive information and ensuring the total security of our customers’ data is our paramount responsibility. Our in-depth knowledge of cyber security on behalf of our customers lends itself well to our approach to cyber defence within our own business.

Fostering a culture of security

At Lexmark, we’ve strived to nurture a culture of security that recognises the need for everyone in the business to play a role in our cyber protection. This ensures that secure practices become an instinctual reflex for all employees. A deep understanding of the business and the ways cyber security poses a threat to all areas of the company is just as important as investment in high-quality cyber security training. We carry out this belief at Lexmark by investing time in discussions surrounding staff members’ role in the company and, crucially, where they stand in relation to Lexmark’s security ecosystem.

Another practice which enhances our culture of security is the promotion of diversity in all cyber security teams, including individuals who understand the many functions of the business. Our recruitment process, which prioritises inclusive and diverse hiring, makes this easier. Diversity plays a key role in ensuring every member of staff across the business has someone with whom they can talk comfortably and candidly about cyber security, as well as help to reduce the risk to business and balance with the need to move quickly and meet demands.

This comfort is key to building a culture of security. The day when every member of staff feels comfortable asking questions and searching for advice relating to cyber security is the day we’ll have done our jobs properly as a cyber security team. Within a culture of security, there is no shame, and everyone feels shared accountability.

The future cyber security workforce

There are misconceptions about who can enter the field of cybersecurity. Many believe it requires a university degree in a directly related field and a deep expertise in technology. At Lexmark, this isn’t the whole truth. In fact, we’re always looking for fresh talent in the space and don’t have any cut-and-dry requirements.

However, we recommend a few key attributes we look for when selecting our cyber security staff. Having a genuine interest in cyber security makes all the difference and ensures our staff trust our cyber team enough to approach them with concerns. Taking advantage of cross-training opportunities is also a green flag for us, as it shows the candidate’s interest in the applications of cyber security to all areas of the business and indicates an understanding of the broad scope of any role in cyber security. Joining workforce development programmes is also highly encouraged as it shows the candidate prioritises keeping up to speed with the industry and is keen to stay an expert in the field.

The next generation of CISOs should be business-oriented and have a deep understanding of financial risk management, which they can bestow onto others in the organisation. It’s important to recognise that the next CISOs may not be engineers. We hope the education system will begin incorporating more business and cyber security modules into their engineering programmes so that CISOs enter the field professionally with a baseline knowledge of business, which will inevitably expand throughout as careers progress. There is also a case for other programmes to add more security awareness into their curriculums, such as incorporating the fundamentals of cyber security into business school curriculum.

Often, a CISO is tasked with determining how to translate a technical problem into language the business leadership can understand. At every company, that level of awareness can vary greatly and create significant challenges for the business to properly account for the risk that cyber security presents to business operations.

Cyber security has never been a more prominent issue. Across industries, it is everyone’s responsibility to learn about the threat and internalise the best practices. As threats continue to increase, we hope to see companies taking charge of their security and implementing some of the practices Lexmark has in place to strengthen the business and bring staff together at the same time.