Page 61 - Cyber Warnings
P. 61
How to survive the cybersecurity expertise shortfall
By François Amigorena, CEO, IS Decisions
Analysts everywhere are fretting about the lack of cybersecurity professionals across the world.
The Cybersecurity Jobs Report believes the global shortfall of cybersecurity workers will reach
2
1.5 million by 2019. (ISC) believes the shortfall will reach 1.8 million in five years.
These figures are having an intense effect on businesses, who are very much starting to feel the
pinch. A recent report by the Intel Security and the Centre for Strategic and International Studies
(CSIS) found that 15% of cybersecurity positions in companies will go unfilled by 2020 — with
most businesses saying the skills shortage is worse than talent deficits in other IT professions.
The reason, according to many of the respondents in the CSIS study, is the education system
within each country, which doesn’t prepare students for the industry. As with any ‘security’ role,
education is key, but why does the emphasis lie on cybersecurity professionals alone?
The weakest point in any organisation’s cyber defences is the people, ergo, education should
be a part of everybody’s working life — not just the lives of the experts. In fact, education is
arguably more important when it comes to the average employee than an IT-savvy administrator
because the average employee is the one who needs it the most. In the same way that those
who need to go to the doctor for help are the sick, not the healthy.
Every employee, from the intern to the CEO, needs to be aware of the cybersecurity risk they
pose to their own company. If they’re not, the consequences can be disastrous. Just look at the
recent cyberattacks on companies like Anthem, Sony, eBay, Dropbox and Sage. With Anthem,
78.8 million customers’ details were leaked. With Sony, 100 terabytes of sensitive data was
stolen. Dropbox suffered to the tune of 68 million customer account details being stolen. 233
million customer account details were hacked with eBay, and 280 UK clients were compromised
in the Sage attack. What was the common factor underpinning each of these attacks? A
compromised login from an average-level employee that fell into the wrong hands.
Hackers love exploiting the naivety of employees because it’s so easy. All it takes is one
successful phishing email to persuade just one employee to hand over their corporate login
details. Then a hacker effectively has a company key into a safe house of valuable information.
And once that hacker gains entry to your systems, you’re not going to find out until it’s too late
— your anti-virus and perimeter systems aren’t programmed to pick up on access using
legitimate login details, giving snoopers all the time in the world to, well, snoop.
The key to protecting against these types of security breaches is a mix of education and
technology.
61 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
