Navigating the Cybersecurity Storm while Building Enduring Trust

Cyber security resources are in high demand. The challenge for organisations is that there is a shortage of the right kinds of resources for security roles. In this new series of blogs I examine the reasons for the growth in cyber roles and the rise of co-sourcing as a preferred option for today’s CIOs. Before I do that, let’s start with some startling stats:

Postings for cyber roles have grown by 91% in the period 2010 – 2014 in comparison to 28% growth for general IT postings. Indeed, cyber roles also have a salary premium of around $6,500 over general IT roles.

Financial services and healthcare (unsurprisingly with their focus on sensitive information) have seen some of the largest increases in roles being posted, up by 131% and 118% respectively. Security roles tend to have a higher demand for experience, with 48% of roles requiring a minimum 3-5 years of experience.

So what’s the impact?

64% of organisations of all sizes lack the time to manage all of their security activities*. This figure also tallies with Fifth Step’s own figures that say 64% of our engagements are as a result of a lack of bandwidth within the organisation.

Meanwhile, 45% of organisations lack the ability to test existing security plans fully and 38% of organisations say they lack investment in creating effective security processes.* Organisations therefore do not have the time or the ability to do the basics. As a result they are doomed to continue to repeat their mistakes, leaving them more exposed to cyber-attacks.

In today’s environment, organisations are under an increasing amount of scrutiny from regulations and from global regulation (FATCA, SOX, Solvency II, HIPAA, PIPPA, GDPR, Data Protection, NIS and a plethora of others), requiring them not only to protect their assets but also to evidence to third parties that they’re doing so.

Ultimately, overstretched security departments may be leaving their organisations vulnerable both to cyber-attack and regulatory action.

CYBER SECURITY IS DIFFERENT

Hackers, malware and other attack vectors often don’t discriminate between the size, industry sector or other variables of organisations. Everyone is fair game. This is a constantly evolving threat. To my knowledge, the evolution of house-breaking techniques has really not changed hugely in the last couple of hundred years – however, cyber attacks are constantly evolving.

Unlike other risks that organisations face and mitigate, cyber knowledge is always on the move. To stand still in information security and cyber security is to become more vulnerable relative to the market. You don’t want to be a comparatively soft target. Remember that security teams are often small - 66% of organisations have a team of 10 people or fewer.* Whilst not unique to information security, the cross-business aspects of this area make it different, and often more complex.

In my next blog I will look at how to magnify cyber resources.

* Statistics from the SC Magazine MarketFocus May 2016 – Co-Sourcing SIEM

Darren Wray