By Philip Ingram MBE, Former Senior Intelligence & Security Officer and Head of Content at International Cyber Expo
The rising use of smart devices and cloud software as well as the lasting effects of the pandemic has forced a shift towards remote working and altered data centre landscapes like never before. The rapid adoption of new technologies has uncovered multiple opportunities and high-end operational capabilities to enable teams to work smarter and more efficiently. However, as organisations rush to keep their workforces online, it seems security is being left behind. In fact, a survey revealed that over half or more CISOs and CIOs said they haven’t fully mitigated the risks associated with remote work (50%), digitisation (53%) or cloud adoption (54%).
Complex cyber attacks within government, public sector, and private organisations are among the greatest threats to creating better operational efficiencies and processes through digital transformation. Every year, more and more organisations get caught out by cyber criminals, with damages running into billions worldwide. Indeed, the global cost of cyber crime is said to have exceeded $6 trillion in 2021.
The overwhelming truth
Although digital transformation brings with it many benefits, it also dramatically changes the cyber security threat landscape for organisations and the challenges they face. As the use of digital technologies grows so does the threat surface, opening up many more areas for potential cyber-attacks and data breaches. With the drastic uptick in cloud computing and an ever-growing expansion of supply chains, organisations are juggling to protect both on-prem and off-prem data centres. Indeed, the security of the cloud consumer is now reliant in part on the cloud service provider (CSP) along with the associated providers of SaaS tools, skewing visibility and blurring responsibilities.
Taking all of the above into consideration, navigating the complexities of modern-day cyber security has never been harder. The increasing threat environment, expanding attack surface and continuous demands from various stakeholders for transparency are only adding to the challenges. It seems even the most talented cyber security professional can feel overwhelmed, made worse by the ongoing cyber skills gap.
Rallying our cyber security troops
The digital and cyber skills gap has long been a concern for the industry, resulting in overworked teams teetering on burnout. More than a human resources issue, this particular challenge also has grievous repercussions for business continuity, if not addressed. Indeed, earlier this year, Fortinet produced a research report which revealed that two-thirds of IT leaders worldwide are concerned about the risks they stand to face as a result of a skills gap within their organisation. The vast majority, or 80% of survey respondents, confirmed that they had experienced one or more breaches during the preceding 12 months due to a lack of cyber security awareness skills or awareness. Moreover, (ISC)2’s 2021 Cyber Security Workforce Study estimates that an additional 2.72 million cyber professionals are required ‘to adequately defend…critical assets’. The talent shortage even threatens to stifle growth in the UK’s technology sector.
As the threat landscape continues to grow, evolve and intensify, we urgently need to step up as a community to tackle this issue. But what can, or should, be done?
The self-inflicted shortage
The truth of the matter is the industry’s skills shortage is largely self-inflicted. The first key mistake we make is believing we need to rally troops composed of the ‘cyber elite’, or professionals highly skilled in specific and technical fields of cyber security. While such talent is necessary for a country’s military defence and cyber security focused enterprises, they are not essential in other organisations to run securely. Our cyber security ecosystem has evolved significantly since the industry originally emerged, and we now have a whole range of services and tools at our disposal to build a strong defence. Today, it is enough to bring onboard decently skilled individuals with the ability to leverage these resources effectively. This significantly widens the pool of talent we can access as it is no longer confined to a minority of individuals naturally gifted in STEM subjects. Rather, it allows for the possibility of qualification through training.
Equally, we need to remember that cyber security is a relatively new industry and it is constantly and quickly evolving. Though someone might be an expert in cyber threats today, they are unlikely to be equipped to tackle the threats of tomorrow without committing to continuous re-education. Yet, we generally place numerous barriers to entry, requiring individuals to have X years of experience, X qualifications etc. What organisations really need are individuals who are enthusiastic to learn and a system in place to train people from the ground up; for entry-level or even current employees who are interested in making the lateral move.
The importance of public and private sector collaboration
Cyber resilience is critical for all organisations. The threat of attacks is not going away, so the focus must be on hardening the security of critical assets and consolidating data centre information spread out across the networks so that when criminals do target them, they are met with a robust and defensive force that prohibits them from reaching their goals.
One of the best ways to improve the UK’s cyber resilience is through private and public sector collaboration. By uniting forces, the public and private sectors can work together to protect the UK as a joint responsibility, where they share intelligence, while also educating businesses.
This union is a key aspect of the UK government’s Cyber Security Strategy 2022-2030, which delivers a vision of cyber security resilience through public-private sector collaboration. The strategy also outlines the importance of building security into the core of the UK’s infrastructure by deploying secure-by-design principles, the importance of sharing knowledge and improving cyber education to close the skills gap.
A meeting place for minds
Overcoming the cyber security challenge is one you don’t have to face alone. Together, the cyber security sector, including government, private institutions and academia, is full of impressive individuals with the resources and know-how to bring about the change we need to see. We just need a space for them to come together to do so, and that is exactly what the International Cyber Expo intends to be.
Held at Olympia London on the 27th – 28th September 2022, International Cyber Expo endeavours to be the go-to meeting place for industry collaboration, where everyone from vetted senior cyber security buyers, government officials and entrepreneurs, to software developers and venture capitalists, are welcome to share their experiences, knowledge and resources with peers. As one of the must-attend annual cyber security expos, the inclusive event is made for the community, by the community, hosts a world-class Global Cyber Summit, an exhibition space, live immersive demonstrations and informal networking.
Catherine Craig, Channel Manager at 3M says of last year’s event: “We had consistently good engagement and conversations on the stand. It’s been so helpful to be able to tap into a wide range of different markets and people all in one place. It’s been a great show and we’ve already signed up to return in 2022.”
To register for free tickets to the event, click here.