Recent news about international cybergangs and government-sponsored cyberattacks certainly raised awareness about cybersecurity and the dangers that today’s network-connected world pose to business and personal data. However, threats to companies are not relegated to international syndicates, and all businesses must recognize that cybersecurity is a problem that’s knocking at network back doors all the time. In fact, the greatest dangers might lurk very close to home.
Where the Wild Things Are
Not surprisingly, threats are everywhere. Global connectivity has transformed from the Internet to the Internet of Things, where countless consumer and commercial devices are now designed to interact with and communicate over networks. The Q3 Data Breach Trends, a report by Risk Based Security, found that more than 3,000 individual security incidents occurred in the first nine months of 2015 alone, resulting in the exposure of 366 million records. These incidents were reported across many industry sectors, including business, education, government and healthcare. More than 66% of security incidents were a result of malicious hacking, which made this form of intrusion the most common method of cyberattack from outside sources.
But there’s another side to cyber-risk – inside. The Security Risks Survey, conducted by Kaspersky Lab and B2B International revealed that 73% of companies have been affected by internal information security incidents, and that the largest single cause of data loss is by employees. Whether done intentionally or accidentally, employees have greater access to network and information resources and, therefore, pose one of the greatest risks to company resources.
Who’s Taming the Beast?
The problem is, there’s not enough talent in the market to take on all the challenges facing today’s organizations. Cyber threats are outpacing the ability to train and hire in-house information security professionals that form the first line of defense against them. In the 2015 Global Cybersecurity Status Report produced by ISACA, 86% of survey respondents believe there is a shortage of skilled cybersecurity professionals. And while 37% responded that they intended to hire more cybersecurity professionals in 2015 that might be an uphill battle. Cybersecurity-related job postings in the U.S. took 14 per cent longer to fill than the average for all jobs, according to the security certification organization, (ISC)2. Many sources suggest that the current shortage of skilled talent exceeds 1 million positions and that shortages are expected through the end of the decade.
With IT as a driver of the U.S. economy, why the shortage? One factor is the lack of new talent entering the field. Between 1/3 and ½ of Millennials, though immersed in a digital lifestyle, don’t know what cybersecurity is or that it is a viable career option for them. Furthermore, IT education is a broad-based discipline that only scratches the surface of the skills that information security professionals need to succeed – skills that include superior problem solving and analysis, communication, technical domain knowledge and business acumen such as consensus building across organizational functions and stakeholders.
Security Is Closer Than You Think
The situation may not be as dire as you think. While the media is emphasizing new talent pools, there is a phalanx of cybersecurity professionals in the market today. Many are associated with independent cybersecurity consulting firms that have experience working with medium to large enterprises, understand complex information systems, and provide service to a regional or national client base. Additionally, many organizations will simply not be able to afford the premium salaries that information security professionals command in this highly competitive marketplace. Using outside resources can provide the expertise you need to secure your networks and monitor business risk while saving the expense of one or more FTE.
Branch Rickey, a former Major League Baseball executive once said, “Never surrender opportunity for security.” Unless, of course, the opportunity is security. Waiting for the right candidate with the right qualifications at the right price can put your business at risk. Instead, bring in the experienced resources you need to complement your IT team, fortify your networks, and strengthen your security policies — before disaster strikes.
TECHNOLOGY FOR A SECURE FUTURE