The active recruitment and retention of high quality cyber security professionals has taken on increasing importance in the last 10 years — with the trajectory firmly on the up. The DDoS attack against the Labour Party recently highlighted that the issue is common to a range of organisations that have an online presence. 2019 has been a year of cyber security attack after attack. The country of Georgia was hit by a huge attack, just last month, which resulted in over 2000 websites and the national television station being impacted.
In August, hundreds of thousands of iPhone users were victims of a malicious hack. And in March the American Medical Collection Agency suffered from a data breach, where 7.7 million customers had personal data, such as their names, date of births and addresses stolen. Forbes has estimated $6 trillion will be spent on cyber related damages by 2021 — costing more than both natural disasters costs and the global trade of illegal drugs in a year. The number of unfilled cyber-security related positions now stands at 4.07 million, which has increased since last year (which stood at 2.93 million).
Therefore, the main question for most business owners is who is next? And how can I prevent it from being me?
What we need to remember about cyber attacks is everyone is vulnerable, but there are individuals at a higher risk. Half of cyber attackers target small businesses — this is due to small business owners thinking that their company is not worth being attacked and therefore not investing the money or means to protect themselves — making these types of organisations the perfect target. However, there is research to contradict this: ITPro argue that it is the bigger organisations who are more at risk to cyber crime. This is as a result of the larger enterprises being too diverse and complex to protect their entire architecture, leaving gaps for hackers to exploit. Certain industries are also more likely to fall victim to data breaches, including healthcare, accommodation, public, retail and finance sectors. All of these companies retain sensitive data, that hackers prefer to get their hands on.
There are numerous ways to try and prevent your company from falling victim to these vicious cyber attacks.
The Federal Communications Commission (FCC) recommends companies install a firewall, which produces a barrier between important data and hackers. Another suggestion is making sure any employees working from home have a separate firewall to protect their private network. Companies such as Norton, Juniper Networks and Fortinet all offer firewall packages, many of which can be tailored for your specific needs.
All companies should have a cyber-security policies document, in which all employees have access to, which in turn will result in all staff knowing the safest cyber-security practices relevant to your business. On top of this there are a variety of online cyber security training for both business owners and employees which could help avoid small mistakes from happening. For example, syncing a protected laptop and an unprotected mobile phone, which could make certain prevention methods ineffective.
Even though employees may find changing passwords on a regular basis a hassle, this is a simple way to add an extra layer of protection to your technology systems. Bill Carey, vice president of marketing and business development at Siber Systems, suggests passwords should require a variety of characters, such as uppercase, lowercase, numbers and symbols. He also mentions passwords SMB’s should change passwords every 60–90 days.
Even though most employees know not to open a phishing email, sometimes it just cannot be avoided. Verizon 2016 Data Breach Investigations Report found that 30 percent of employees opened phishing emails. These work by installing malware directly onto that computer through either following a link or opening an attachment. Installing anti-malware software will protect your computer from spyware, adware and worms through behaviour monitoring, sand-boxing and malware removal.
Although prevention is critical, sometimes all these methods can be used and an organisation is still unfortunately attacked. Regularly backing up your data is a way that will help your business recover as efficiently as possible. Storing important information, such as word documents, spreadsheets, databases etc. on the cloud is a great precaution as it results in it being very difficult to lose all of your data. Storing documents in different locations will also protect you from other disasters like fires and floods.
With regards to the lack of cyber security professionals, there are a few things being done to try and improve this situation. Recently educational degrees have been made an option solely focused around cyber security and crime — topics including cyber-terrorism, data privacy, ethical hacking etc. There are a variety of security training courses provided by both universities and IT businesses, for example Accenture.
The ability to define organisational security concerns is the first step in determining what level of preemptive protection is required. Whilst the training courses and degrees highlighted above are starting to increase the volume of qualified operatives available — the fact remains that it is a highly competitive field.
There is a global need for specialist cyber security professionals and the rate at which requirements are being released is not slowing down. Much is being done to train new people in to entry level positions as well as more experienced people who are re-training for a career change — but right now that is not enough.
Engage Infotech has been developing a specialised talent pool of candidate for a long period of time. They are not active candidates, but instead passively monitor opportunities themselves or review those being shared by their consultant at Engage Infotech. If you are in need of cyber-security professionals then do reach out, we can not promise we can fill all of your roles but the candidates we present will be very relevant and then it is over to you to convince them that the next opportunity with you is the right one. How do I achieve that?
Quite simple focus on these areas and you are going to be very close;
- Build an open and collaborative work environment
- Invest in your people for their continual development and education
- Provide opportunities to work flexible hours/work from home when possible
- Allow for flexible hours for parents who may need to collect their children
- Invest in tools and technology which allows your teams to focus on mission critical tasks
- Encourage inter-departmental activities and discussions
- Identify your company culture and cultivate it