Training just 8% of sales employees about cybersecurity threats… Institutionalized myopia. By design! For those who work in the Defense Industrial Base (DIB), compartmentalizing knowledge based on “Need to Know” is a mantra and culture. By reducing the number of people with access to sensitive information, the likelihood of it getting into the hands of the wrong people is reduced.
The problem arises when the concept of “Need to Know” is applied improperly. The “Behind the Firewall: Assessing Cyber Resilience in U.S. Manufacturing” released by the DoD in June 2024 found that only 8% of DIB companies train their sales team about cybersecurity threats and best practices. 34% of the executive leadership doesn’t receive training either!
The report’s findings reveal a compelling narrative: while 73% of manufacturers require annual cybersecurity training, the majority limit it to those in specific roles. This selective approach to cybersecurity education creates vulnerabilities within the very fabric of our defense manufacturing sector. It overlooks the fundamental truth that cybersecurity is not solely the domain of IT departments (88% of which are trained) or engineering teams. Security is a shared responsibility that cuts across every role and function within an organization. This segmented approach to cybersecurity awareness leaves critical areas of operations exposed to potential threats.
Obviously, both sales and executive leadership in DIB companies have access to sensitive information. Both are prone to phishing attacks. In my experience, sales is especially lured by the expedience that shadow IT offers at the expense of information protection. So, why aren’t they trained?
DIB manufacturing organizations must adopt inclusive and comprehensive cybersecurity training. It should be mandatory for all employees, regardless of role or level. Everyone has a “Need to Know” about cyber threats. This creates a culture of cybersecurity awareness. It recognizes that every employee is a guardian of sensitive information. It empowers individuals with knowledge and tools that are essential to safeguarding our defense manufacturing ecosystem.
Mandatory, role-agnostic training is a strategic investment in collective security. Moving forward, let’s ensure every employee, from the factory floor to the executive suite, becomes a vigilant defender of our nation’s security.
0 Comments