Cyber security is a hot topic every year, and several organizations conduct research each year to show the current trends and facts. The results of these studies differ slightly from year to year. The US and Europe are focusing on expertise and education. What are the trends and facts within the security profession?
The National Institute of Standards and Technology (NIST) of the US reports that the cybersecurity workforce needs to be improved and has expressed the importance of educating and training the American cybersecurity workforce (1). In Europe, the European Union Agency for Network and Information Security (ENISA) recently ran an exercise on a scenario in which an airport’s critical systems were hit (2). Cybersecurity still plays an important role in our digital environment. Not only do governments around the world recognize the importance of education and training to fight cybercrime; several studies also show the trend that appropriate education and training are crucial to fighting cybercrime effectively.
Let’s start by exploring the trend in actual cybercrime to determine whether the attention we give to cybercrime is legitimate. Reviewing some global studies on security, we noted that ISACA’s study ‘State of Cybersecurity 2018: Workforce development’ (3) reports a 17 percent decrease in ransomware attacks, whilst 50% of its respondents experience an increasing number of security attacks year over year. Looking at the Crowd Research Partners’ ‘2018 Cloud Security Report’ (4), we noted that 18% of organizations experienced a cloud-related security incident; the number shows a significant increase in cloud security incidents compared to the previous year. Organizations still worry a lot about cybersecurity. Given that multiple studies show that the number of organizations experiencing attacks is increasing, the attention paid to cybersecurity is legitimate.
Knowing that cybersecurity is a hot topic for legitimate reasons, finding the problems within the current security defense strategy is difficult. This blog started by noting that NIST says the cybersecurity workforce needs to be improved and that ENISA is active with cybersecurity business causes. The research of ISACA (3) shows it is difficult to fill security positions within a company. More than 50% of security positions take three months or more to fill. The report also shows that many applicants are not qualified for the job: more than 50% of the organizations stated that less than 50% of the applicants are qualified. The Cloud Security Report (4) also mentions that staff expertise and training is the main barrier to cloud adoption, and that trained cloud security professionals are seen as one of the most effective controls to protect data in the cloud. We can conclude that organizations strive to invest in security experts and recognize that skills are very important. The lack of experienced or trained staff is seen as a big risk in fighting cybercrime.
In another report, EY’s Global Information Security Survey 2019 (5), surveyed professionals name careless or unaware employees as the organization’s most important vulnerability that increased risk exposure over the last year. Employees are also seen as the most likely source of an attack. The report indicates that over 50% of the respondents think it is likely, or very unlikely, that sophisticated cyber attacks will be detected. It seems that proper training and screening of employees will be very important to lower cyber security risks. The Cloud Security Report (4) also indicates that organizations consider training and certification of current IT staff most important to ensure that their organization will meet its evolving security needs.
To fight cybercrime, there is a growing need for proper training and educated professionals. Where IT security used to be one part of IT skills and technology was the main focus, the need for specialized security professionals has grown rapidly over the last couple of years. The growing popularity of global security associations is also a result of the growing need for professionals. The key asset in fighting cybercrime is having the right professionals who keep training in this profession. Of course, the technical (software and hardware) tools will be as important as the people, but the people (security professionals, IT professionals and other staff) are often recognized as the weakest link in cyber security.
Article by Jouke Albeda, Security & Compliance Manager @ Datacenter.com
(3) State of Cybersecurity 2018 Part 1: Workforce Development; ISACA; 2018
(4) 2018 Cloud Security Report; Crowd Research Partners; 2018
(5) EY Global Information Security Survey 2018; EY; 2018