How serious are firms about cyber security threats?

Cyber security needs to be a C-suite level issue if businesses are serious about protecting data and managing it securely. With threats becoming more complex and GDPR putting the onus on organisations, businesses need to detect breaches and respond to them more rapidly and transparently than before.
While demand for CISOs and security experts has grown rapidly in recent years, there is still a notable gap between aspirations for security and the reality. This may be because of the unglamorous nature of security, which only attracts attention when its processes have failed. Others argue that businesses have simply been unwilling to invest in excellence in the field, and that the issue isn’t a lack of talent so much as a reluctance to pay for it.
What can businesses do to ensure their digital security is adequate?
Across the private and public sectors a DevSecOps culture is increasingly being accepted as a standard – baking security into every part of a business’s operations from the ground up rather than treating it as a separate, siloed unit tasked with policing the rest of the organisation.
“One challenge is variety and career progression,” says Rob May, the Cybersecurity Ambassador for the Institute of Directors and MD of Ramsac. “Many businesses are offering cyber job roles for the first time and there is no clear path for the applicant’s growth. This also means that there is a potential churn problem, if a business is not maintaining an established cyber team, and a mix of experience and culture, then, again, it’s less attractive for the applicants to move or join a potential new employer.”
If businesses are to achieve transformation in the next two years, digital security must be an area of special focus and not just a nice-to-have, with investment in and nurturing of the talent that a business attracts, as well as genuine support at board level.
The rollout of the Digital Workplace, the shift to the cloud, and the widespread implementation of IoT technology all enormously increase the potential attack surface that is available to hostile actors.
“Technology continues to evolve, and the use of AI, ML and blockchain will help counter cyber attacks,” says Rob. AI, for example, can be used to automatically identify red flags that might be invisible to a human agent; while distributed ledgers can facilitate the sharing of secure, immutable records across networks. “Yet, at the same time, the cyber criminals equally have access to the same tech and so the race to attack/defend will always continue at a pace,” continues Rob. “In my cyber security TEDx Talk I talk about the impact of the #humanfirewall, and it’s vital that the C-Suite understand this – that and the fact that cyber security is not an IT issue!”
All employees need to be responsible for digital security and tasks can and should be delegated across the workforce – insisting on high standards of security hygiene, for instance, is a job for all and not just the security team.
“Education for all staff is of paramount importance,” says Rob. “Yes, you’ll invest in your CIO and CISO but you have an obligation to train everybody under GDPR and this is something that far too many people are currently ignoring. Remember that individuals have different learning styles, too, so the education [process] needs to be multifaceted.”
Hiring skilled security experts is an essential piece of the puzzle, but ensuring that new staff have the right skills remains a challenge. “There is a shortage of cyber security candidates in the marketplace,” notes Rob. “I always recommend engaging with local universities and offering internships and work experience to further the awareness of your own brand in the cyber job market.”
With demand for skilled cyber security professionals exceeding supply, creating your own talent from entry-level professionals is increasingly becoming a more financially attractive option. By investing in their training and providing a clear career path, you will build a long-term resource for the digital security protection of your business.
Specialist recruitment consultants can assist businesses with planning: assessing strengths and weaknesses and mapping out the tools and resources needed to develop your security team and counter threats. This can extend to assistance with hiring, including defining the roles and skills that are required to bring the organisation up to speed.
Digital security readiness is not a static position and, much like a digital transformation process, will require support from the top, openness to change, flexibility and evolution. The first step is to ensure that you have the people in place to make that change happen.
Empiric is a multi-award winning business and one of the fastest growing technology and transformation recruitment agencies specialising in data, digital, cloud and security. We supply technology and change recruitment services to businesses looking for both contract and permanent professionals.
Empiric are committed to changing the gender and diversity imbalance within the technology sector. In addition to Next Tech Girls we proactively target skilled professionals from minority groups which in turn can help you meet your own diversity commitments. Our active investment within the tech community allows us to engage with specific talent pools and deliver a short list of relevant and diverse candidates.