We live in a digital society. Technology and the Internet are part of the everyday lives of people and organizations. As technologies evolve, risks and threats evolve with them. We need to strengthen cybersecurity, but do we have the resources we need?
The latest massive cyberattacks on major companies were a wake-up call we cannot ignore. We are exposed and we are more vulnerable than we think.
The 2017 Global Information Security Workforce Study by the Center for Cyber Safety and Education and (ISC)² reveals that more than 1.8 million cybersecurity workers will be needed by 2022.
The survey of 19,641 cybersecurity professionals in 170 different countries concludes that there are not enough cybersecurity workers in organizations to face today’s challenges.
Capabilities for attacks are on the rise and malware is constantly evolving, as are the tools hackers use to breach systems and sidestep security measures.
Cybersecurity requires expertise, training and constant learning in order to prevent and adequately respond to the evolving attacks.
What keeps cybersecurity professionals up at night?
Some of the threats that most concern cybersecurity professionals are:
- Erroneous security setups, a lack of technical or organizational measures that help to mitigate risk.
- Cyberterrorism and organized cybercrime.
- Attacks on access and authentication systems, which pose a serious security problem, especially for corporations.
- Data leaks, understood as “the deliberate or involuntary release of confidential or sensitive information to a media outlet or people who should not know it.” (Incibe)
- Social engineering, a rapidly expanding practice that involves obtaining information by deceiving and manipulating users (e.g., phishing).
- Proliferation of the Internet of Things that allows many more objects to be insecurely connected to the Internet.
- Botnets, networks of infected devices that are controlled by organized cybercrime and used for massive attacks.
- Attacks that jeopardize the availability of companies’ services (DDoS).
- Malware in general, and ransomware in particular (like WannaCry), which are malicious software whose main purpose consists of damaging computers or stealing information. According to a report by F-Secure, malware and ransomware may have surpassed legitimate software.
The study shows that much work remains to be done to secure and protect companies from new versions of attacks like WannaCry, which impacted major companies.
Companies need an adequate, agile, preventive and, especially, reactive workforce.
The challenge of recruiting cybersecurity experts
Threats are on the rise, as is the need for experts in defense and prevention. This means people with technical expertise and those able to work on raising awareness to strengthen the weakest link in the chain: the human factor. Both types of experts are essential and complement each other to reinforce security.
Another factor that will translate into a greater demand for cybersecurity professionals in companies is the changing security paradigm imposed by the new European General Data Protection Regulation (GDPR), which will come into force in May 2018. This regulation will require all companies in the European Union to have more proactive security measures, including risk analysis. Some of these measures include identifying appropriate security measures depending on the detected risks, and managing security breaches, which must be reported to authorities as soon as they occur.
Companies will have to address these new challenges by recruiting cybersecurity professionals with both a technical and educational background, in order to continue reinforcing security.