From the inception of the internet, cyber security has become increasingly more important. As the internet has permeated more and more aspects of our lives, our reliance upon the security of our information has become paramount to every one of us. Yet the future of cyber security is rather uncertain, despite the gravity of its importance, and many firms are finding both knowledgeable and high quality cyber security staff increasingly difficult to find.
According to a CompTIA report entitled The Evolution of Security Skills, nearly half of the global ICT firms that were surveyed stated that they felt cyber security would become a significantly higher priority in the next 2 years. Regardless of these predictions, 34% of companies felt there was a low understanding of new threats, whilst 28% admitted to a low understanding of cyber security technology. But where is this lack of knowledge stemming from?
A study entitled, State of Cyber Security 2017, performed by ISACA (Information Systems Audit and Control Association), suggested that cyber security staff are becoming increasingly difficult to find in such a rapidly expanding and evolving field. The report was based on a survey of 633 cyber security specialists across North America and Europe, with 27% stating that they were unable to fill open cyber security positions in their businesses and another 14% unsure as to whether they would ever fill those positions.
Given the sheer amount of sensitive data that many companies hold about us, it is shocking to see the problems that are arising in cyber security at the moment – trends that are unlikely to change course any time soon.
CIO Magazine (from IDG) recently expressed concern that the “good enough” trend that permeates our culture in an editorial piece, and how it is seeping slowing into how we look at cyber security, stating openly that: “I’d go so far as to say the single greatest cyber threat to organizations today is the “good enough” standard that’s being sold by key players within the cyber security industry.“
CIO Magazine are particularly concerned about the use of “vulnerability scans”, that have been used for many years in cyber security and detect out of date patches and software. However, the problem lies in the fact that 90% of Vulnerabilities are not known or detected by using this type of software.
One third of firms consider insider threats to be the security issue they worry about most, according to the 2017 cybersecurity Trends Report, whilst half felt that this was the most challenging form of attack to detect or prevent. Given that applications are insecure by design, and that there are often some thousands of unforeseeable vulnerabilities or misconfigurations, it would seem unwise to rely upon vulnerability scans as a main defence against cyber-security threats.
However, there are those who believe that companies are not doing enough to promote cyber security awareness and practices within their own companies. We spoke to Mike D. Kail, Chief Innovation Officer of Cybric, who believes that the onus should be on executives to find solutions to these problems rather than simply complain:
“The constant conversation around the lack of cybersecurity talent and the increasing skill shortages isn’t helping. CIOs and CISOs need to start providing overall security awareness training and talk about the ‘why’ instead of the ‘how’, which is a shift from a control-driven function to one with greater context. Confidence in cybersecurity will only be increased by taking a data-driven approach and making security testing a continuous process (strategy) instead of a periodic process (tactical).”
This sort of strategy was proposed in the The Evolution of Security Skills report, which recommended training courses, testing, and awareness programs aimed at educating an entire workforce. There needs to be an active promotion of cyber security knowledge across the tech world, the industry needs to change itself from the inside-out. By promoting cyber security education internally, cyber security as a whole will benefit.
By Josh Hamilton
