The war against cybercrime needs more soldiers, writes Mark Hill, pictured the CIO (Chief Information Officer) at IT recruitment company Nigel Frank International.
As more organisations take their operations online, businesses are changing the way they approach security. Faced with unrelenting digital crime, companies are looking to strengthen their security practices and implement new processes to safeguard their valuable data, and by extension, their reputation in the market. Digital transformation is leaving no industry, sector, business, big or small, untouched. The use of XaaS platforms and IoT continues to grow, improving efficiency but broadening the surface area of vulnerability for businesses who don’t prioritise security. The Department for Business, Innovation and Skills (BIS) found that 93 per cent of large organisations in the UK were targeted by cyberattacks between 2017 and 2018.
Rising demand for professionals
But even for those that are taking clear steps to protect their business from cyber-attacks, however, there’s a major barrier standing in their way: talent. The need for cyber-security professionals right now far outstrips the number of skilled workers available to meet demand. The rate at which the goalposts move in cyber, with the already problematic skills shortages in the wider tech market, has created a skills gap, constantly widening. Cybersecurity professionals simply can’t be produced fast enough, and those already in the workforce often struggle to keep up with the changing needs of their organisation.
Machine learning and AI are becoming increasingly crucial tools against cybercrime, but even with artificial intelligence in their corner, businesses still need experts on hand to help them implement, configure, and maintain their defences. This talent gap is a global issue, with a Cybersecurity Ventures report predicting a shortfall of 3.5 million cybersecurity professionals by 2021.
There’s no overnight fix for a shortage of this nature. Generating the talent required will involve a multifaceted approach by businesses, the government, and our education system. To try and close the country’s skills gap, businesses are being advised to develop skills internally, using existing resource and focusing on training and upskilling to help meet their security needs.
Most in-demand roles
Cybersecurity experts of any variety are becoming like gold dust, but there are a few roles to look out for if you want to get ahead in the battle for security talent. Organisations are beginning to realise that security should be built into their digital arsenal by design, not as an afterthought. And they’re employing DevSecOps engineers to find ways to infuse security measures into every stage of application development and automate key security chores wherever possible. As digital security rightfully becomes acknowledged as its own entity, more businesses are starting to employ dedicated security managers. Tasked with developing and implementing digital tools, rolling out policies, and performing audits to ensure the protection of business data, security managers may also find themselves controlling budgets for security operations, recruiting talent, and delivering ongoing training to the wider business.
Before you know how to tighten up your security measures, you need to find the weak points. By the time the crooks find those holes, it’s already too late, so many businesses are now utilising teams of so-called ethical hackers to assess their defences. Penetration testers run formal tests on applications, networks, and systems to locate vulnerabilities and consult on fixes before they can be exploited by criminals.
Emerging trends
Businesses are facing ever-evolving methods of cyberattacks from criminals out to steal, manipulate or hold hostage their data. With a shortage of experts to help combat these threats, businesses need to be more proactive than ever when staying on top of developments that could endanger their operations. So what should organisations be watching out for in the near future?
Biometric authentication is considered to be one of the most secure login methods, but attackers are beginning to zero in on vulnerabilities in tech like touch ID sensors and facial recognition scanners. We’re expecting to see more widespread theft and abuse of biometric data in the coming year. AI can help prevent cyberattacks, but don’t forget that cybersecurity is an arms race; whatever you have, the criminals will have too. AI and machine learning are likely to be further used for nefarious means; we’ll see more advanced exploitation of AI to carry out and conceal new exploits. Hackers will develop new ways to infiltrate AI systems to corrupt their logic and bring them down from the inside. Plus, new developments like AI-generated ‘deepfake’ video and audio could be used to increase the realism of phishing scams or spread misinformation.
With the growing use of IoT devices, criminals will seek out vulnerable, unpatched devices as gateways to large networks. Weaknesses in IoT devices will allow hackers to level-up from DDoS attacks to assaults with much more severe repercussions, such as those that take down critical infrastructure.
