The hot topic in current news is undoubtedly cybersecurity-centric following the global ransomware attack bringing the need for tougher data security measures into the spotlight. The hope certainly is to “refocus IT attention on updating security infrastructure and procedures” according to a report by analysts at Wedbush with business expenditure on cyber protection set to increase by 10% in Britain and Europe by 2020.
Though companies have recognised a need to invest in IT, the same has not been true for its cybersecurity component and with company repute, stakeholder, consumer and investor confidence in the balance and the threat of huge fines imminent once GDPR rolls in next year; the need to give cybersecurity the attention it deserves is paramount.
Hackers and cyber-criminals want to take the path of least resistance when infiltrating an enterprise, and the easiest road in? The employees. Very often, hacks and scams occur due to a lack of training or simply human error. Companies must set a tone which starts from the very top of their hierarchy to promote a culture of cybersecurity awareness and with that in place foster a set of behaviours that call for consistency among employees to prevent against areas of vulnerability. Anything from bag checks to a rule that no work documents leave the building will reinforce the message of security within an organisation. In addition to cultivating a culture which advocates security awareness, organisations need also to be doing everything they can to bolster their cybersecurity workforce.
The cybersecurity field is one of the hottest in the technology space, however due to a lack of both knowledge and awareness of the importance of cybersecurity to business, the facets both financially and functionally are not in place to get the right people on board. The shortage of qualified candidates means the tech industry needs to refine their thinking when it comes to strategising on talent acquisition. Diversity, in regards to gender, ethnicity and discipline, is arguably the only viable remedy to the current skills deficit plaguing cybersecurity.
While diversifying across the reaches of ethnicity and gender, in efforts to increase the currently meagre female security contingent of 11%, the industry also needs to adopt an interdisciplinary approach to its hiring agenda. While those with a deep technical understanding are undoubtedly the most sought after, effective cybersecurity should also be drawing input from other sectors and other departments within an organisation. Those working in areas from compliance and legal to human resources, management and communications could all offer valid perspectives to add to the cybersecurity conversation.
The concept of promoting cross-training of individuals from other areas of the business supports the reality that most cybersecurity problems often have little or no technical component, meaning professionals with some experience in areas such as communication, recovery planning and incident response could well be suited to a career in cybersecurity.
Looking further afield to include the non-obvious candidates, will likely benefit the future of cybersecurity, by integrating these diverse skills, perspectives and situations. Essentially, the fundamental strength an individual possesses could determine their place in cybersecurity, whether that be in dealing with people, understanding technology, being proficient with admin, having a knack for effective management or simply knowing how to make information accessible and relatable to different types of people in order to educate them on the need for and function of cybersecurity. All these skills have a role in cyber, with human and social behaviour a key element in understanding and preventing cyber-attacks.
For the future of cybersecurity and its global impact on business and consumers, organisations and candidates alike need to be looking at their criteria and strengths respectively to benefit one another and ultimately secure a solution to the hundreds of cybersecurity jobs waiting to be filled.