Here’s the digest of a roundtable, with Tomasz Wojciechowski, Head of Cybersecurity at Spyrosoft; and Dominik Samociuk, Head of Security at Future Processing.
Cybersecurity has evolved exponentially over the past 20 years and the biggest transformation is its omnipresence. It has taken numerous names and shapes over the decades, with the technologies, procedures, and strategies necessary to safeguard hardware, information systems and data. Cybsafe founder, Oz Alashe, states that “cybersecurity barely existed a decade ago, and what was available was boring, unscientific, and ineffective. The art of cryptography has come a long way in the last half-century”.
During a Future Processing cybersecurity roundtable with industry professionals across software development, technology and business strategies, valuable insights were conveyed about the current state of the cybersecurity landscape and what had the biggest impact on the sector.
Ransomware
Cybersecurity is continuously evolving. Ransomware has become the organised crime of our generation. The evolution, however, has been closely related to the development of communication technology. The landscape has come a long way to secure data, from simple cyphers to more sophisticated algorithms. According to Tomasz Wojciechowski, Head of Cybersecurity at Spyrosoft, the landscape switch took place in mid 2000s. For most of its history, cybersecurity products mainly focused on preventing malicious code from getting to and running on a device. What originated as a hobbyist venture to terminate viruses on floppy disks has evolved into a multibillion-dollar industry with the aim to safeguard internet-connected devices.
Head of Security at Future Processing, Dominik Samociuk, mentions that ransomware has started to become more prominent in the past couple of years and poses a huge risk to organisations of varying sizes. Cyber-attacks on organisations, particularly small to medium-sized businesses, are becoming increasingly more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43 per cent of cyber-attacks target small businesses, whilst only 14% of these companies are prepared to defend themselves. Only
17pc of small to medium-sized businesses are financially equipped to recover from a cyber-attack.
Digitalisation and GDPR
Whilst it is impossible to describe every occurrence that shaped the development of the cybersecurity landscape, the General Data Protection Regulation (GDPR) has impacted IoT devices and the implementation of security by design across the UK. According to Samociuk, this compliance means that organisations would need to invest more in their company’s cybersecurity going forward. Cybersecurity is a board-level issue now for many companies. In the 2022 Cyber Security Intelligence Index, IBM found that there has been a 33pc in the number of incidents caused by vulnerability exploitations from 2020 to 2021. IBM also found that the health, manufacturing, and financial industries were the top three sectors under attack, due to the amount of personal data, intellectual property, and massive financial assets they hold. Consequently, resulting in the implementation of zero-trust models.
Digitisation increasingly infiltrates all aspects of our daily lives. We are witnessing the rapid adoption of machine learning and AI tools and a growing reliance on software, hardware, and cloud infrastructure. With the digitisation of many business models, organisations are more exposed to and create increased opportunities for cybercriminals. Although ransomware has been around for years, it has only now become the preferred cyber weapon of choice for hackers. Being able to exfiltrate and hold hostage IoT devices and data for ransom has made the deployment of this attack a growing trend. According to a report by CyberSecurity Ventures, a ransomware attack occurs every 11 seconds and the annual cost of damages will reach a total of £16 billion by the end of the year.
Skills gap
Companies are moving away from internal security teams and shifting to the collaboration and sharing of information within application and software communities to ensure the highest level of safety possible. Wojciechowski mentions that the skills gap within the cybersecurity sector is one of the biggest challenges the industry is facing. There is a cyber security personnel gap of more than 2.72 million positions. According to the 2021 (ISC) Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow by 65pc to effectively defend organisations against cyber-attacks. “The imbalance between supply and talent is unchanged,” says Jon Brandt, Director of Professional Practices and Innovation at ISACA. We live in an attention economy, and while no one professional can solve the entire industry’s cybersecurity skills shortage, we need to optimise the attention of the candidates we currently have.
The saying an ounce of prevention is worth a pound of cure has never been more important, particularly in an era where a single device performing unsolicited instructions supplies criminals with the basis they need to hold entire industries at ransom. Organisations must move beyond simply implementing stopgap measures and rather anticipate the next normal by determining how their entire system will work cohesively to provide adequate cybersecurity.
