We know that cyber-attacks are one of the top four risks to UK national security, and as much as espionage might not be the prevalent worry in the minds of the Great British public, we are certainly all conscious of the impact of a cyber-attack when it takes the form of fraud and hacktivism.
Spear-phising, malware, whaling and ransomware have become part of the modern vernacular, particularly within business. All business. From J. P Morgan falling victim to a spear-phishing campaign that resulted in the names, address, telephone numbers and email addresses of 76 million households and 8 million small businesses being stolen to the biggest attack on British soil in the infamous TalkTalk affair, which saw the telecom giant’s data compromised by two teenagers with too much time on their hands. And kids wreaking havoc is not the exception to the rule, the average age of today’s hacker being just 17. Our vulnerability cannot be more starkly demonstrated.
And without painting too bleak a picture. How on earth do we keep up with teenagers?
With hackers finding more ways to access information and the increase of Advanced Persistent Threats (APTs), this issue is certainly reaching board-level at a number of high-profile organisations, but the discussion remains vague. The definition, categorisation and even the language used in the context of cyber and cyber security is unfocussed, which does not bode well when it comes to identifying and classifying the evolving cyber-threats that organisations are facing. And indeed, the data protection act already requires organisations to take “appropriate technical and organisational measures” to protect personal data from unauthorised access, damage, loss or disclosure, so organisations, especially those within the financial services sector, may believe that they already have both the necessary infrastructure and compliance in place. But cyber security is not a box-ticking exercise.
Cyber security is all about risk, so the whole organisation needs to take responsibility for managing this with an ever-evolving cyber security programme that responds to the changing dynamics that hacktivists and government-led cyber-attacks present. And critically, the talent with the necessary skill-sets to that will be an organisation’s key line of defence.
Are There Any Positives?
With the UK market for cyber security predicted to be worth almost £3.4 billion by 2017, coupled with the prediction by security certification and industry body, (ISC)2, that companies and public sector organisations will need 6 million more security professionals by 2019, it is certainly not doom and gloom when it comes to finding a great job in this sector.
Tech professionals are in high demand with the government swooping in on much of the available talent and financial institutions, in particular, on the lookout for senior professionals whose sole purpose is to head-up cyber security teams. Such individuals are not only required to possess an understanding of the technical aspects of an organisation, but also legal knowledge in order to keep abreast with cyber and data regulations as well as the vital operational skills needed to ensure the day-to-day running of the business is affected as little as possible in the event of an attack.
For organisations trying to recruit talent, it is a different story. With a predicted shortfall of 1.5 million professionals needed, HR have a different kind of cyber-battle on their hands; attracting and retaining talent. But this is not insurmountable. In the same way that cyber-security is an organisation-wide responsibility, talent can be sourced from within the organisation, or indeed from any number of other sectors. Implementing a strong security programme will provide organisations with the focus to identify people with the appropriate aptitude and related skills to competently fill security-related roles.
If you want to get some advice or guidance about your next move in Cyber Security then our team would be happy to help. Take a look at the Cyber Security section on our website for more information or call us on 0207 870 9200 for a confidential chat. Alternatively, you can drop us an email firstname.lastname@example.org and we will be happy to help you.