Attacks are increasing exponentially and are a reality for all individuals and companies. With ransomware as a service able to be bought on the dark web, anyone can be a cybercriminal and there is money to be made from it.
In addition, cybersecurity remains deeply siloed. According to Vasco Gomes, Global CTO for Cyberproducts, Atos ”it is typical for organizations to have somewhere between 15 and 50 different security technologies, and enough staff to be expert in about five of them, which does not help with the shortage of skills challenge.”
So how do we square the level of threat and complexity with the huge shortfall in cybersecurity professionals and what can organizations do to protect themselves?
Start with education
There is a startling lack of vocational courses available that are dedicated to cybersecurity. Despite its complexity and necessity, it continues to form just a small part of a broader computer sciences curriculum. Industry is working to address this gap by partnering with schools and colleges to provide courses and information. Exposing students to the realities within the market and giving them the awareness of what’s happening across the digital landscape is vital to improving knowledge. Cybersecurity is one of the most dynamic and changing areas in technology and a broad view is vital for learning.
Many governments are now also putting digital security awareness on the national curriculum to keep children and young people safe online. This early awareness may encourage more students to look deeper into the area.
Organizations themselves can also play a role in educating their employees on how they can help the cybersecurity effort and ensure it is viewed as a collective problem that needs to be managed. The main attack vectors are still around phishing and password security. Both can be managed down through a broad education program beginning at onboarding stage.
Explaining responsibilities and reporting principles are key. An active reporting line can be critical to an organization to identify attacks swiftly and mitigate their potential for harm.
Educate the C-suite
Nowhere is this more important than with the C-suite as executives are at increased risk of attack, particularly if they are well-known. They also need to understand the level of risk in order to set the right budget and priority for security across the business.
They must also consider the best way to manage security within their organization and avoid the temptation to keep the discipline entirely in- house. With experts in short supply, this can leave them exposed.
Partnership approach
A fully integrated partnership approach to security with the best tools, people and processes is the best approach.
When there is a shortage of professionals, we must pool our resources to support each other. Our professionals are continually learning and upskilling through wide access to data, labs and other professionals. We are able to hunt and detect threats proactively without being overwhelmed by the day-to-day volume of risks.
When there’s a shortage of professionals,” says Catalina “we must pool our resources to support each other. Our professionals are continually learning and upskilling through wide access to data, labs and other professionals. We are able to hunt and detect threats proactively without being overwhelmed by the day-to-day volume of risks.