The key to securing businesses from cyber threats of tomorrow
The increased use of smart devices and the pandemic has forced a shift towards remote working, driving many organisations around the world to kick-start digital transformation programmes and adopt new technological and electronic methodologies. Philip Ingram MBE, Former Senior Intelligence & Security Officer and Head of Content at International Cyber Expo discusses.
This rapid adoption of new technologies has uncovered multiple opportunities and high-end operational capabilities to enable teams to work smarter and more efficiently. However, as organisations rush to keep their workforces online, it seems security is being left behind. In fact, a survey revealed that over half or more CISOs and CIOs said they haven’t fully mitigated the risks associated with remote work (50%), digitisation (53%) or cloud adoption (54%).
Complex cyber attacks within organisations of all types, are among the greatest threats to creating better operational efficiencies and processes through digital transformation. Every year, more and more organisations get caught out by cyber criminals, with damages running into billions worldwide. Indeed, the global cost of cybercrime is said to haveexceeded $6 trillion in 2021.
The attractiveness of data to cyber criminals means they continue to run campaigns to exploit a wealth of personally identifiable information (PII) for identity theft, financial fraud, account takeovers, or create spear phishing emails and social engineering attacks that lead to ransomware. This is in addition to the challenge that many organisations are working with a mix of outdated and legacy systems. For as many organisations that have kept up with the changing technology and cloud networking, there are still many lagging behind on dated computers and connections.
The overwhelming truth
Although digital transformation brings with it many benefits, it also dramatically changes the cybersecurity threat landscape for organisations and the challenges they face. As the use of digital technologies grows, so too does the threat surface, opening up many more areas for potential cyber attacks and data breaches.
For many organisations, an imminent cyber attack is inevitable. In April 2022, research from Trend Micro revealed that more than three-quarters of global organisations expect to be successfully hacked in the next 12 months. In fact, the electronics industry is already under a lot of pressure as they face chip shortages; add to that the cyber threats and we’ve got ourselves a perfect storm. Consider Delta Electronics, a Taiwanese electronics company and provider for Apple, Tesla, HP, and Dell with reported sales of $9 billion in 2021, which was hit by a ransomware attack in January 2022.
Taking all of the above into consideration, navigating the complexities of modern-day cybersecurity has never been more difficult. The increasing threat environment, expanding attack surface and continuous demands from various stakeholders for transparency are only adding to the challenges. It seems even the most talented cybersecurity professional can feel overwhelmed, made worse by the ongoing cyber skills gap.
Rallying our cybersecurity troops
The digital and cyber skills gap has long been a concern for the industry, resulting in overworked teams teetering on burnout. More than a human resources issue, this particular challenge also has grievous repercussions for business continuity, if not addressed. Indeed, earlier this year, Fortinet produced a research report which revealed that two-thirds of IT leaders worldwide are concerned about the risks they stand to face as a result of a skills gap within their organisation. The vast majority, or 80% of survey respondents, confirmed that they had experienced one or more breaches during the preceding 12 months due to a lack of cybersecurity awareness skills or awareness. Moreover, (ISC)2’s 2021 Cybersecurity Workforce Study estimates that an additional 2.72 million cyber professionals are required “to adequately defend…critical assets”. The talent shortage even threatens to stifle growth in the UK’s technology sector.
As the threat landscape continues to grow, evolve and intensify, we urgently need to step up as a community to tackle this issue. But what can, or should, be done?
The self-inflicted shortage
The truth of the matter is the industry’s skills shortage is largely self-inflicted. The first key mistake we make is believing we need to rally troops composed of the ‘cyber elite’, or professionals highly skilled in specific and technical fields of cybersecurity. While such talent is necessary for a country’s military defence and cybersecurity-focused enterprises, they are not essential for other organisations to run securely. Our cybersecurity ecosystem has evolved significantly since the industry originally emerged, and we now have a whole range of services and tools at our disposal to build a strong defence. Today, it is enough to bring onboard decently skilled individuals with the ability to leverage these resources effectively. This significantly widens the pool of talent we can access as it is no longer confined to a minority of individuals naturally gifted in STEM subjects. Rather, it allows for the possibility of qualification through training.
The importance of public and private sector collaboration
Cyber resilience is critical for all organisations today. The threat of attacks is not going away, so the focus must be on hardening the security of critical assets so that when criminals do target them, they are met with a robust and defensive force that prohibits them from reaching their goals.
One of the best ways to improve the UK’s cyber resilience is through collaboration. By uniting forces, the public and private sectors can work together to protect the UK as a joint responsibility, where they share intelligence, while also educating the public.
This union is a key aspect of the UK government’s Cyber Security Strategy 2022-2030, which delivers a vision of cybersecurity resilience through public-private sector collaboration. The strategy also outlines the importance of building security into the core of the UK’s infrastructure by deploying secure-by-design principles, the importance of sharing knowledge and improving cyber education to close the skills gap.
A meeting place for government, academia and industry
Our industry is full of impressive individuals with the resources and know-how to bring about the change we need to see. We just need a space for them to come together to do so, and that is exactly what the International Cyber Expo intends to be.
Held at Olympia London on the 27th - 28th September 2022, International Cyber Expo endeavours to be the go-to meeting place for industry collaboration, where everyone from vetted senior cybersecurity buyers, government officials and entrepreneurs, to software developers and venture capitalists, are welcome to share their experiences, knowledge and resources with peers. As one of the must-attend annual cybersecurity expos, the inclusive event is made for the community, by the community, hosts a world-class Global Cyber Summit, an exhibition space, live immersive demonstrations and informal networking.
Catherine Craig, the Channel Manager at 3M said of last year’s event: “We’ve had consistently good engagement and conversations on the stand. It’s been so helpful to be able to tap into a wide range of different markets and people all in one place. It’s been a great show and we’ve already signed up to return in 2022.”
Register for free tickets to the event here.
For more information on the event here.