For as long as the cloud has been discussed as a business opportunity, discussion around how to secure it has not been too far behind. Cloud has served as the catalyst to an array of technology initiatives with ever-evolving security requirements like “bring your own device” (BYOD), remote working and the internet of things (IoT), extending security needs well beyond the traditional data centre. As devices proliferate and more production systems are brought online, the security risks will increase sharply, creating new vulnerabilities.
In a world of competing cyber-priorities, organisations need to be able to secure their data irrespective of whether it is stored on premise or in the cloud.
Organisations are introducing new technologies to drive innovation and growth faster than they can be secured. Employees are increasingly targeted as the weakest link in cyber defences, with people-based attacks such as account takeovers, ransomware and phishing scams making it more expensive and difficult for organisations to recover. It’s little wonder then that the damages from cybercrime are projected to hit $US6 trillion annually by 2021, up from $3 trillion in 2015. At the same time, the demand for cyber security professionals is poised to outstrip supply, with the number of unfilled cyber security jobs predicted to reach 3.5 million by 2021. In this new age of cyber security, what are the challenges that will need to be met by the modern security professional, and how can organisations refocus their resources to hedge against that threat?
Key challenges in cyber security
As traditionally non-tech companies undergo digital transformation and look to build digital products and services to stay competitive, every company, regardless of its industry, is becoming a technology company. From large manufacturers of agricultural machines grappling with onboard sensors and machine-to-machine protection to mining companies automating their supply chain to improve productivity from mine to market, every company is connected through its technology to its employees, partners and customers. As such, security has grown in importance for everyone.
In a recent survey conducted by DDLS, 70 percent of respondents said that they expect data breaches and cyber security concerns to dominate their company’s IT agenda. With this in mind, what are the key cyber security challenges that all organisations irrespective of their size or industry should be wary of in the year ahead?
Employees are your biggest cyber security risk.
The traditional focus of IT security has been on keeping out external threats, but the volume and frequency of security breaches caused by disgruntled, careless or negligent employees have risen significantly in recent times. This is mostly due to moving data off premises and into a growing number of mobile devices and cloud-based applications. As more organisations adopt initiatives such as bring your own device (BYOD) and the cloud, it’s becoming much harder for an organisation to spot compromised devices quickly. According to the 2019 Insider Threat Report, 59 percent of respondents surveyed said that their own organisations experienced at least one insider attack over the past year, while more than two-thirds believed insider attacks had become more frequent over the past year. Authorised employees or contractors use valid credentials to log in and have physical access to an organisation’s building, making most cyber security tools blunt instruments. However, not all insider threats are malicious; many are sparked by careless employees who unknowingly click on harmful email links or attachments, reuse the same password across multiple services, use unsecured public Wi-Fi, or accidentally leave their laptops in a public place. Regardless of users’ intentions, any resulting data breach can damage an organisation financially and cause reputational harm.
59% of businesses have experienced an insider attack in the last year.
Cyber criminals do not discriminate by business size.
Think your business is too small to attract threats? Big mistake. Cyber criminals don’t generally target individuals or businesses – they target vulnerabilities. A business of two is as prone to attack as a large corporation if a vulnerability is detected. According to data from the Global Economic Crime Survey captured by PwC, 60% of all targeted attacks in Australia struck small and medium-sized businesses. Business is increasingly being done over network-connected devices and each one presents a tempting target. A key point is that cyber-attacks are automated and constantly probe for weaknesses 24/7. The rewards of cyber-crime are so great that threats have dramatically increased and cyber criminals have become highly professional. This means that account takeovers, ransomware, phishing and extortion-based DDoS attacks are all going to become a lot more targeted, and more expensive and difficult to recover from.
60% of all targeted attacks in Australia were suffered by SMBs.
Cyber Security in the IoT age
With the Internet of Things (IoT), security challenges move from a company’s traditional IT infrastructure into its connected products in the field. Forecasts peg 30 billion connected devices globally by 2020 as companies look to bring more and more devices, products and production systems online.
The sheer number of cyber security attack vectors increases dramatically as ever more “things” are connected. A corporate network might have somewhere between 50,000 and 500,000 endpoints; with IoT, we are talking about millions or tens of millions of endpoints. Unfortunately, many of these consist of legacy devices with inadequate security, or no security at all.
Talent Gap
According to recent estimates, there will be as many as 3.5 million unfilled cyber security positions worldwide by 2021. The Asia Pacific region is expected to be the hardest hit with a shortfall of about 2.14 million. The scarcity in qualified security professionals has led to an over reliance on technology at the expense of human expertise, with most organisations lacking the adequate number of security staff internally to do the daily blocking and tackling required of instant response teams. The data is consistent with trends seen more broadly in the cyber security space.
For those interested in pursuing a cyber security career, the Australian Institute of ICT (AIICT) offers vendor-certified training to kickstart your skills in this field. Our cyber security course touches on the practical competencies you’ll need to successfully work in an ICT environment. And best of all – it’s 100% online, so if you wish to travel or gain work experience while you’re at it, our courses allow you to study according to your needs and schedule. Enquire today to start your journey in the world of IT.