Enhancing cybersecurity skills for a safer tomorrow

From awareness to knowledge

CYRUS strives to design and implement training programmes to enhance the cybersecurity skills of employees in the transport and manufacturing sectors at all levels. The objective is to give them the means to identify and mitigate cyber threats. Therefore, the training strategy will be highly customised to the workforce’s skills, know-how and needs.

“It is very common to point out that individuals represent the weak spot, the main issue in the cybersecurity chain. Instead, we should positively overturn this perspective and start considering humans as the solution, a key asset towards cyber preparedness and defence”, says Bruno De Rosa from Union Internationale des Chemins de Fer (UIC).

To get a better understanding of the cybersecurity risk awareness, competencies, skill gaps and training needs of the workforce, the project partners interviewed representatives of 79 organisations from the transport and manufacturing sectors.

“Overall, the gathered outcome from the survey highlights the importance of raising awareness through training programmes, particularly among non-technical positions, also including management roles, for example, responsible for finance and human resources,” says Valentina Ferrarese from Cefriel.

Awareness is key when it comes to cybersecurity

In small groups, the project partners discussed the results of the survey with external cybersecurity experts and potential participants of the training courses. In the conversations, the attendees also shared their experiences.

“It seems that the companies do not have a focus on cybersecurity. People need to be informed about potential risks and how to act when they get affected. The companies need to build a cybersecurity culture,” states Andrea Castello from Italienische Handelskammer für Deutschland (ITKAM).

Raising awareness

The discussions demonstrated that the level of awareness of and knowledge about cybersecurity is very low, especially among small enterprises.

The conclusion? Initial training should focus on raising awareness of cybersecurity to illustrate its importance and make staff aware of potential risks.

“The focus group reminded me that everybody can be confronted with a cyber attack these days. Almost all employees, independent of their roles, need to be made aware of cyber threats and preventive methods,” says a participant of one of the discussions.

In addition, everybody must be aware of the impact of their behaviour and take precautions seriously. Supervisors and managers play a crucial role in ensuring efficient and secure processes.

“Businesses still respond to hacks rather than taking preventative measures. Standard cybersecurity technologies are frequently used, but training is rarely considered an investment”, says Marina Baptista from the European Federation for Welding, Joining and Cutting (EWF).

Since active learning methods like teaching others, learning by doing and group discussions show particularly good knowledge retention, they will be a large part of the training assessment methodology.

Customised training

Since different personnel in different organisations, sectors and countries have varying levels of expertise, the CYRUS trainings will be customised to the users’ skills, know-how and needs and include technical and behavioural components.

Overall, the trainings will

  • raise awareness throughout the organisation
  • increase IT and cybersecurity knowledge
  • train the correct handling of software and hardware
  • convey knowledge about the current threat landscape, at least to the extent that could affect their specific roles

Implementing security measures

As security measures extend beyond individual responsibility, training should empower entire companies to foster and encourage early reporting in case an attack occurs. The responsible teams require support in defining internal policies and increasing their technical response, resulting in well-defined procedures for identifying and addressing various cyber attacks.

Other safety measures collected in the discussion rounds to reduce vulnerability to potential cyber attacks are:

  • explain IT security concepts
  • restrict private activities on business end devices
  • separate the internal network from a network for guests and create subnets, e.g., for R&D and management, to minimise cross-network access
  • enforce cross-team cooperation as an advantage for prevention and early detection of potential issues
  • improve IT security overall by using a VPN, implementing a secure network structure and updating the infrastructure regularly

A look into the future

The survey revealed a lack of awareness when it comes to cybersecurity, underlining the urgency of raising awareness through dedicated training initiatives.

Additionally, the discussions with external cybersecurity experts and potential participants highlighted the necessity of building a cybersecurity culture within companies and raising awareness about cybersecurity’s importance and potential risks.

All the results will be incorporated into the creation of the training courses. This means that the next step is creating the cybersecurity competence framework, which facilitates transitions from education to work, matches people’s skills with the main labour market trends and demands, informs people about available jobs and career pathways and identifies current and future employability skills.
