by Christine Horton
As any organisation can confirm, the ability to recruit and retain qualified cybersecurity professionals is an ongoing struggle.
Government figures last year confirm that a high percentage of UK businesses lack staff with the technical, incident response and governance skills needed to manage their cybersecurity. Worryingly, almost half (48 percent) have a basic skills gap, meaning those in charge of cybersecurity lack the confidence to carry out basic tasks.
This is an enormous problem when the sophistication and frequency of modern cyberattacks mean organisations have never been more vulnerable to attack. At the same time, the financial and reputational repercussions from a data breach have also never been so severe.
Perfect storm for cyberattacks
The problem has been exacerbated by the coronavirus pandemic, leaving UK businesses exposed to an unprecedented level of cyberattack. Indeed, one 2020 survey reports that almost every business (99 percent) has suffered at least one security breach in the last 12 months – but the average organisation experienced 2.63 breaches.
There are several reasons for this. The rush to establish remote workforces meant security took a back seat in some cases. And never willing to let a good crisis go to waste, criminals have launched a wave of attacks that play on users’ concerns surrounding the health crisis – the most common being a surge in COVID-related phishing scams.
Research shows that almost a quarter of cybersecurity pros say cybersecurity incidents at their organisation have increased since transitioning to remote work – with some tracking as many as double the number of incidents. The problem is exacerbated by many security pros being relocated from their usual tasks to help support the new remote workforce.
The dark web is thriving during COVID-19 too, with the commoditisation of malware making more sophisticated attack techniques available to a growing number of cybercriminals.
These gaps in traditional cyber defences – combined with the increase in remote working and isolated, and potentially stressed, employees – make it more difficult to spot potential attacks and help to create a perfect storm for cyberattacks.
First line of defence
There is, however, some good news. One study by cybersecurity association (ISC)² indicates a year-over-year reduction in the cybersecurity workforce gap, due in part to increased talent entry into the field and uncertain demand due to the economic impact of COVID-19 (perhaps it’s due to all those people in the arts the UK Government suggested should re-train for a career in cyber?).
But this is a small first step, and with the struggle to hire cybersecurity pros an ongoing problem, some organisations are looking instead to their existing employee base to bolster their defences against attacks. They are training them to recognise threats and take action – to effectively become a human firewall.
There are, of course, a host of fundamental issues around education and funding that need to be addressed to combat the skills gap. But steps like implementing formal security policies for employees working from home and providing training so they can more readily recognise and report any threats are positive ones. This is especially important given the current crisis, and the fact that more firms have now accepted that remote working is here to stay in one form or another. This will help to ensure good cybersecurity and mitigate the risks posed by increased remote work.