Over the last few years, cyber attacks have become increasingly frequent, impacting everyone from small businesses to large international corporations, including the UK Government this weekend. Unfortunately, UK firms haven’t been exempt from this, with the number of companies hit by such attacks having doubled in 2016 in comparison to 2015.
Most recently, WannaCry, one of the most widespread global ransomware attacks in history, affected over 100 countries and even took entire NHS practices out of action, severely disrupting public health services in the UK. Despite the growing awareness and publicity around cyber hazards, digital vulnerabilities continue to pose as big a threat to organisations as ever before.
So, why are companies still failing to prevent cyber attacks? The answer to this question is rather complex. To start with, there is a huge technology skills gap in the UK that companies are struggling to overcome.
Currently, there are three times as many IT jobs out there as there are available candidates. Equally, a recent Frost & Sullivan report suggests that there could be as many as 1.5 million security jobs to fill by 2020.
UK businesses are faced with a serious shortage of trained cyber security professionals who can help them fend off spam, BYOD vulnerabilities, APTs, spear-phishing or anything more advanced.
However, another part of the problem is a lack of cyber security professionals emerging from our education systems – something businesses have little influence over. The Government has started to take action with initiatives such as the Cyber Schools Programme. Aimed at youths aged between 14 and 18, the programme will train at least 5,700 teenagers in cyber skills by 2021.
To support this effort, organisations need to create their own internships, apprenticeships and job opportunities for young adults to advance their careers. Increasing awareness will get people interested in the industry early on.
When hiring cybersecurity professionals, many companies fail to identify what specifically they are looking for. A good starting point here is to set expectations: before starting the recruitment process, businesses first need to establish what they actually expect from the role. This can range from a one-off network ecosystem evaluation to routinely testing security and establishing protocols.
Clearly communicating the scope to the candidate will ensure that they fully understand the requirements of the role before taking it on, so they can best meet expectations in return.
Furthermore, it is essential that employees, IT professionals in particular, have the right tools to prevent cyber-attacks from happening and to contain them if they do occur. This doesn’t just mean providing employees with the latest tools. They also need sufficient time to test them, research new attacks and analyse events, so that they can continually improve their security practices and systems.
This is where many organisations fall short. A survey by Ovum revealed that fewer than half of UK businesses plan to increase their cybersecurity investments. Clearly more needs to be done on this front.
Finally, businesses must realise that the solution doesn’t lie solely with having a knowledgeable and skilled security team. Every employee is a potential target. Basic cyber security education that looks at how to spot vulnerabilities and avoid attacks should be integral to the on-boarding process. Hackers are continuously probing defences, so company-wide training will help address any weaknesses in the business that could be exploited.
Of course, businesses can’t solve the skills gap with just a few training sessions. It will require a complete overhaul of how cyber security talent is developed throughout secondary education and how that talent is recruited. Although it can be a substantial investment, it’s an essential one if we are finally to see the number of cyber-attacks, and the massive damage they can cause, decrease.
Sourced by Ryan Barrett, VP Security and Privacy, Intermedia