Faced with the prospect of huge fines, loss of business and their reputation on the line, organisations are battening down the hatches to protect themselves and their customers.
No consumer wants to be a victim of identity fraud; no organisation wants its critical IP stolen and no government wants its state secrets unveiled… yet these events are happening with alarming regularity.
In the connected world – according to Gartner, there will be over 20 billion connected devices globally by 2020 – many businesses are at a higher risk of cyber attacks than ever before, as they hold more and more sensitive information across an increasing array of different systems.
High profile cyber attacks on businesses including TalkTalk and Yahoo have exposed the vulnerabilities of large enterprises, with millions of consumers having their personal data compromised as a result.
And, for those organisations that fall victim to the hackers, the cost of an attack can be significant. TalkTalk’s chief executive, Dido Harding, admitted the company lost £60m and 100,000 customers as a direct result of its attack last year. Faced with the prospect of huge fines, loss of business and their reputation on the line, organisations are battening down the hatches to protect themselves and their customers.
With the digital warfare heating up, it seems there are no limits to the creativity of cyber criminals, with threats to enterprise security becoming ever more sophisticated. Hackers have an increasing array of tools at their disposal to disrupt organisations; and business leaders are struggling to keep pace with the latest risks.
As a result, demand for cyber security expertise is at an all-time high. Recent research revealed that the most sought after skills in this area are CISSP (Certified Information Systems Security Professional), SIEM (Security Information and Event Management), IDAM (Identity Access Management), ArcSight, penetration testers and biometrics. However, there is an increasing shortage of talent with these skills – just 103,000 people worldwide hold a CISSP, one of the main cyber security certifications.
With cyber security expertise in short supply, businesses are willing to pay more to bring in the right skill sets. According to research, the average salary for permanent IT security professionals now stands at £58,003, up 7.95% since 2015. IT security day rates are also on the rise – up 4.98% year-on-year (£443 on average), as many companies turn to short-term contractor support to help plug the gaps.
For organisations struggling to find the right talent, there are several things they can do to mitigate short-term and long-term threats:
- Embrace a more flexible workforce
Anticipate and plan for potential risks in three to five years’ time, as well as dealing with the present. Partner with a workforce provider to ensure you have a flexible and scalable solution for the future. This will enable you to bring in different skills and transfer knowledge between different people at different times. It will often include a combination of permanent, short-term contractors, Employed Consultants, off-shoring and outsourcing.
- Encourage learnability
Remember, candidates won’t always have all the core credentials on their CV. Look to hire individuals with the aptitude and enthusiasm to learn new skills and then give them the freedom to experiment with new technologies and platforms once they’re through the door.
- Provide continuous training and opportunities to up-skill
Support and encourage IT professionals to continually up-skill. This can be done both internally and externally. For example, offering individuals the chance to work on different types of projects across the business to widen their understanding, as well as complete the latest industry-certified security courses. All this needn’t be a complicated process – a lot of the skills that IT professionals already have are easily transferrable.
As the threat of cybercrime intensifies, it’s not a case of ‘if’ but ‘when’ hackers will strike. However, adopting these approaches will help businesses strengthen their defence and ensure they don’t become the next data breach headline.