Sponsored by ISACA

Upskilling staff is key to mitigating cyber attacks: Here's how a cybersecurity certification can help

ISACA's CCOA certification grants access to practical learning opportunities so cybersecurity analysts can grow into their roles and keep their organizations safe


UK organizations are facing a perfect storm of an intensified threat landscape coupled with already overstretched Security Operations Centers (SOCs) tasked with protecting and defending against attacks.

Cyberattacks are on the rise, with some 38% of organizations saying they are encountering more attacks now compared to one year ago, according to ISACA’s State of Cybersecurity survey report, which was produced in collaboration with Adobe.

This heightened threat level means many early-career security professionals are thrown in the deep end and expected to help respond to the challenges without sufficient knowledge or hands-on experience.

As such, organizations need to explore and embrace every opportunity to face such attacks operationally, technically, and structurally, whilst ensuring all employees are well equipped to do so.

Employees, especially those with only a few years of experience under their belts, must have the necessary training, support, and growth opportunities to perform their roles, mindful of the risks but also the vital role they can play. In doing so, businesses can ensure they are taking every step possible to mitigate cyber risk and preserve trust with their stakeholders.

Rising cyber attacks, but not rising skills

With cyber attack instances growing year on year, organizations are facing mounting pressure and increasing operational strain. They recognize the need to detect and respond to threats while also ensuring employees have the necessary skills and knowledge to do so with confidence. But they are also struggling to cope with a shortfall in hands-on experience and technical capacity, particularly when it comes to those early in their career.

One route to combating this rise is through investment in the workforce. The case for this is clear, given that many who work in the cybersecurity industry feel there is a lack of both skills and staffing.

“Social engineering attacks, such as phishing, are a growing concern for organizations as human error remains a major factor in data breaches,” said Mike Mellor, vice president of cyber operations at Adobe.

“With the increasing frequency and sophistication of these attacks, it’s essential for organizations to adopt secure authentication methods to strengthen their defenses. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication, are essential in safeguarding any organization.”

Some 40% of leaders feel they have limited capabilities and expertise at their disposal to understand the threats they face, according to an Adarma report. In addition, 43% of those surveyed said they have some, little, or no capabilities or expertise to detect and respond to potential threats.

Furthermore, a quarter of respondents to the survey reported that they have limited capability or expertise to respond to an incident themselves.

These particularly alarming findings suggest there is a gap in the industry that must be addressed by hands-on skills and training.

Organizations like the global professional association ISACA have responded to the need for a skills injection in the industry with the launch of its Certified Cybersecurity Operations Analyst (CCOA) certification. With a hybrid blend of knowledge and performance-based skills testing, it is designed for analysts working in the cybersecurity industry and is engineered to validate the technical skills needed to detect and respond to various modern threats.

There is also the knock-on effect on current, experienced staff to consider. ISACA’s Tech Culture and Workplace report found that close to three-quarters (73%) of IT professionals in Europe experience work-related stress and burnout. Heavy workloads are cited as a cause of that stress by 61% of those asked. Furthermore, ISACA’s State of Cybersecurity survey found that 68% of cybersecurity professionals in Europe say their role is more stressful today than it was five years ago.

“With skilled employees in such high demand, it is in companies’ best interests and simply the right thing to do to make sure the tech workforce feels supported, motivated, and invested in. Younger IT professionals are switching jobs at a much higher rate, highlighting the need for better retention strategies, including clear career growth pathways and a focus on work-life balance,” said Chris Dimitriadis, ISACA’s chief global strategy officer.

“At the same time, experienced professionals must be given the support they need to stay engaged and continue contributing their expertise. A balanced, well-supported workforce is key to sustaining the industry’s growth and innovation.”

The operational strain companies are facing is a direct result of the cyber skills gap. The data backs this up, with hiring/retention challenges and lack of training/skills cited by 47% and 40% of European State of Cybersecurity survey respondents, respectively.

Employers increasingly expect junior cybersecurity staff to arrive with hands-on experience already under their belts. According to ISACA’s State of Cybersecurity report, 73% of respondents cited practical experience as the top hiring requirement.

This presents a paradox for those who are either new in their roles or those who are seeking to take on their first challenge, given that they lack the necessary hands-on incident response experience that many organizations now crave. Investing in new and existing staff, however, can be one way to safely lower the barrier to entry to welcome new talent while upskilling them at pace.

Often, the talent and desire to learn exist; organizations just need to nurture it and ensure employees are well-supported from day one.

A modern cybersecurity certification

Certifications combining technical, hands-on learning with theoretical knowledge are a rarity. ISACA’s Certified Cybersecurity Operations Analyst (CCOA) certification does just that, preparing professionals to analyse, detect, and respond to real-world threats from day one.

Designed for analysts across InfoSec, SOC, vulnerability, incident response, and cybersecurity roles, CCOA goes beyond theory. It uses a mix of multiple-choice and performance-based assessments to mirror the pressures of frontline work, helping professionals build confidence through experience and applied learning.

Aimed at those with around two years of experience, CCOA supports career advancement while helping employers develop skilled, operationally ready talent. By upskilling junior analysts, organisations can boost SOC capacity, accelerate response times, and enhance overall cyber resilience.

CCOA spans five core domains: technology essentials, cybersecurity principles and risk, adversarial tactics, incident detection and response, and securing assets. These are supported by tasks that simulate the realities of day-to-day work. It also addresses modern challenges like AI-driven attacks and evolving regulatory requirements.

“Cybersecurity professionals are often expected to have years of hands-on experience, even early in their careers,” said Shannon Donahue, ISACA’s Chief Content and Publishing Officer. “Demonstrating real-world skills and a strong foundation in both technical and business domains gives candidates a clear edge.”

CCOA is a smart, cost-effective way for employers to develop job-ready talent quickly and at scale. For junior professionals, it removes the pressure of learning everything on the job, while acting as a stepping stone toward advanced certifications. Graduates also benefit from a one-year education waiver toward ISACA’s Certified Information Security Manager (CISM) qualification.

In today’s threat landscape, practical capability is everything. CCOA helps build it with confidence, credibility, and career momentum.

ISACA offers a wide range of options for IT leaders at all stages of their career, which continue to provide value to the individual and the business and keep skills and knowledge relevant in an industry where the threat landscape and demands both intensify and evolve.

While the catalog is vast, one notable recent addition is ISACA’s Advanced in AI Security Management (AAISM) certification, which is an industry-first AI-centric security management credential created with the aim of greater enterprise resilience and competitive advantage. It’s currently in beta, and those taking part must already hold ISACA’s CISM or the Certified Information Systems Security Professional (CISSP) qualification.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
