THE CYBERCRIME PANDEMIC
David Gadd
Cyber Security & IT Security Recruitment. 'Keeping Cyber Security/ IT Security Recruitment Human' by proudly creating an extensive, inclusive & diverse cyber security community. Recruitment: Permanent, Contract, FTC
A major part of my role in recruiting and building my network of senior & middle executive cybersecurity skills involves listening to the views of professionals about the cybersecurity sector: Chief Information Security Officers (CISOs) & senior cybersecurity skilled management, some of whom are looking for their next career challenge, but often these are general conversations about topics affecting the cybersecurity sector.
The prevailing theme emerging from this dialogue is that both businesses and those responsible for cybersecurity for those businesses are now under greater pressure than ever before.
According to the UK-focused cybersecurity threat report ‘Extended Enterprise Under Threat’(1), published in July 2020 by VMware Carbon Black, 98% of respondents reported that attack volumes have increased in the last 12 months and 99% said they had suffered a security breach. The survey also found that the average organisation experienced 2.63 breaches during this time. 99.6% of respondents added that they plan to increase cyber defence spending in the coming year.
In an article published in September 2020, Commsmea quoted Kaspersky’s latest research findings, which highlighted that “2020 is on course to rack up somewhere in the region of 1.5 billion cyber-attacks for the year”. The same article also signposted a new report by Security Intelligence, which estimated that the average cost of a data breach stands at a staggering $3.92 million(2).
THE NEW VACCINE
While the numbers make strong headlines, real businesses are suffering. Every day cybercriminals unleash waves of new attacks, attempting to steal data and money and disrupt businesses by holding them to ransom. The cyber threat now involves highly organised groups, with nation states, organised criminals and ‘hacktivists’ investing huge resources in developing their capability. At a time when even the FBI and the White House have accused China of using digital espionage to steal research on the coronavirus vaccine, cybercrime has never been a hotter topic or a bigger concern for businesses.
RESPECT
The role of the Chief Information Security Officer deserves greater respect. After all, they have the ‘key to the house’ and if any one element of their responsibility is breached, not only can data be stolen, the company could be blackmailed and the reputation of the firm can be tarnished irrevocably. The KPMG and REC Job Report for August 2020 has brought cybersecurity skills strongly into focus as second among the skills in short supply for permanent staff. We believe that there is a strong case for the role of CISOs to be recognised as the lynchpin of the organisation with an independent voice on the main board. This will not only ensure a sustained focus on the cybersecurity threat at C-Suite level, it will also eradicate potential conflicts of interest and dilution of budgets.
In a recent article in the Wall Street Journal, ‘Security chiefs look to justify cybersecurity costs during business downturn’(3), Sam Olyaei, a research director at Gartner Inc., commented: “There could be additional strain on cybersecurity spending at companies where security is part of the overall information technology budget. Once the technology budget is cut, cuts to cybersecurity spending will follow.”
I am delighted that within my network of CISOs there are increasing numbers of females who are doing an incredible job in bringing cybersecurity to a wider audience, encouraging diversity in the workplace. It was therefore particularly encouraging to read the report(4) from the National Cyber Security Centre (NCSC) highlighting a surge in applications from female candidates of 60% from 2019. This is great to see but there’s still a long way to go!
EXPECT
We can expect cyber fraud to continue to evolve far beyond the pandemic, as aggressors find new ways to exploit online vulnerability in all its forms.
As the number of employees working remotely has grown exponentially in a matter of months, many businesses risk leaving themselves open to cyberattacks and data protection breaches. Common mistakes include: not securing networks properly, using weak passwords and failing to store data responsibly.
These conditions have resulted in a perfect storm characterised by an alarming rise in cybercrime for businesses, as fraudsters take full advantage of the opportunity. Consequently, businesses are being forced to re-examine their resilience to the ongoing and increased threat of cybercrime and are having to find better ways to educate and train their staff in recognising and responding to Internet fraud.
As business leaders, it is vital to recognise that the techniques and methods used in cyberattacks are changing constantly. Businesses cannot afford to be complacent and must adopt robust ongoing defensive measures.
With this in mind, there is another prevailing business expectation, that the CISO will keep the firm’s ‘house’ secure, maintaining the company’s reputation with the same (or reduced) staffing levels, even though cyberattacks are rising by the day.
PROTECT
Cybercrime is an enterprise-wide concern. Asking all staff to be vigilant and take responsibility for tackling cybercrime is the first crucial step in protecting the organisation.
Massachusetts Institute of Technology (MIT) scientists have outlined the security failures that are costing companies the most(5). Key issues include allowing access to unauthorised ports, failure to prevent malware and ransomware, neglecting to perform proper inventory and control of hardware assets, as well as failing to implement effective log management or to adopt ML/AI-powered automated analysis (to identify security incidents as they happen - or even to predict and prevent them).
The more we can do to put barriers between our organisations and the cybercriminals that threaten them, the better chance we have of preventing financial losses, redundancies and even business closure. From Data Leakage Prevention (DLP) solutions to Unified Endpoint Management (UEM), there are numerous security solutions to protect home workers and sensitive data from exploitation and attack. Identifying the right solutions for the business’s unique needs is best achieved by a cybersecurity professional.
DETECT
Identifying and using the right cybersecurity tools is key to protecting businesses from the damaging effects of cybercrime: the aim is to make it as difficult as possible for hackers to get inside and exploit processes, and to detect instances where there is a vulnerability or a breach.
One of the most common ways that hackers gain access to business systems is via ‘exploits’, which take advantage of defects in code. Some of these defects can remain undetected for years before they are patched, so if you don’t update all of your software regularly, from operating systems and browsers to specialised programmes, your networks could be continuously left open to threat.
CONNECT
At Proxime, we are conscious that your company may now be looking to take the necessary steps to recruit staff with additional cybersecurity skills on a temporary or permanent basis. That’s why we’ve created a network of talented cybersecurity professionals who are ready to assist with your cybersecurity needs, for total peace of mind in difficult times. You’ll be in excellent company; to quote one of my clients: “Working with David is always easy. He's highly professional and has a great network. I wouldn't hesitate to work with him in the future”.
When considering something as business-critical as cybersecurity, it’s vital to talk with an expert. Get in touch today to talk about how we can help you enhance your cybersecurity and protect your business and employees from the effects of cybercrime. If you would like to chat through your requirements in confidence, please give me a call on 07770 117906 or email me directly at [email protected].
About the Author - Assisted in writing this article by: Brand Workshop Limited & Rowan Martin Copywriting
David Gadd, Director of Talent - Cybersecurity
David Gadd has been involved in Cybersecurity and IT recruitment for over 30 years, both in the UK and in Canada. He thrives on finding the very best opportunities for clients and candidates, as well as connecting professionals through his extensive Cybersecurity and Emerg Tech global network. Throughout his career, David has built a loyal network of cybersecurity professionals across all skillsets, particularly at CISO and senior management level. Therefore, when he is engaged to establish the best person for the role, he leverages his experience, knowledge and relationships.
David has also completed various specific industry courses including: Understanding Data Protection and Data Security, GDPR Level 2 and ISO 27001:2013 Information Security Management System.
About Proxime (https://www.proximesearch.com/)
Since 2003, Proxime has been trusted by some of the world’s leading organisations to supply IT professionals, either on a permanent or contract basis. We have built our reputation on providing safe IT recruitment solutions for employers and candidates when navigating uncertain times, enabling them to make more efficient, effective and informed decisions.
Recent assignments have included resourcing agile teams for cybersecurity, change management and digital transformation, e-commerce migration and enterprise blockchain projects. The roles we have placed range from the entire spectrum of IT such as CIOs, program directors, program managers and technical teams. Our mission, ‘Improving Lives', is underpinned by a culture of being curious (we want to understand you better), generous (we go the extra mile) and tenacious (we don’t give up). If this resonates with you, we’d love to talk.
Citations
1 VMware. (2020, July 14). VMware Releases Cybersecurity Threat Survey Report Detailing Increased Attack Volume And Breach Levels In The United Kingdom | UK. https://www.vmware.com/uk/company/news/updates/vmware-carbon-black-global-threat-report-release.html
2 Kelly, C. (2020, September 13). We reveal the biggest data breaches of 2020. https://www.commsmea.com/business/trends/22392-we-reveal-the-biggest-data-breaches-of-2020
3 Stupp, C. (2020, May 12). Security Chiefs Look to Justify Cybersecurity Costs During Business Downturn. https://www.wsj.com/articles/security-chiefs-look-to-justify-cybersecurity-costs-during-business-downturn-11589275802
4 Girls just wanna have fun-damental cyber security knowledge. (2020, September 4). https://www.ncsc.gov.uk/news/girls-just-wanna-have-fundamental-cyber-security-knowledge
5 Zorz, Z. (2020, September 3). Which cybersecurity failures cost companies the most and which defenses have the highest ROI? https://www.helpnetsecurity.com/2020/09/03/cost-cybersecurity-failures/
(4 years ago) A great question Ted Ritzer, I'll open that up to others to pass comment.
So David, can consumers trust app-software developed in Russia? Or how can we even know who to trust re firms from Russia?
(4 years ago) Thanks Hylton Stewart for liking my article. Regards, David
My pleasure David, all the best
(4 years ago) Victor Verbat Thanks for reading and liking the #cybersecurity article.