Staying Ahead of the Game: Cyber Wisdom is Rooted in Preparation

The Bank of England recently called for the creation of a ‘super shield’ against cyber-attacks and major breaches of data privacy in the financial sector. This type of data protection has already been established in the US, with the stated goal of protecting customers and allowing data to be restored in the event of a catastrophic cyber event.

The problem of data security is now so ubiquitous that, for the first time, G-7 nations are coming together to simulate a cross-border cyber-attack. 
 
While many in the public and private sectors are spending more to secure data, companies, which are often the “soft” targets for these kinds of attacks, may not be considering how to strengthen and protect their most vulnerable target: their employees. The first step toward cyber preparation for any entity is ensuring that IT teams truly comprehend the scope of the threat they may be facing.
 
A Threat to the Bottom Line
Recent research has shown that malicious cyber-attacks are still a major concern for businesses, especially new phishing attacks, with a 2019 Government report suggesting 90% of businesses have reported an attack of this nature in the last 12 months.
 
In 2019, the cost of a data breach is increasing. Beyond the initial financial damage from a fine, reputation is on the line, and businesses are spending more on staff and technology to mitigate the risk.
 
A change in thinking is necessary. We in IT are often guilty of conflating information with wisdom. As I like to think of it, information is the micro-lesson we learn from every hack or data breach, and wisdom is the life lesson we carry with us long after it happens.

In IT, as in many sectors, our collective wisdom is what keeps us safe. It takes us from “Maybe I shouldn’t open this suspicious email,” to “I should report every suspicious email to my company.” This shift in thinking can help us safeguard not only our data but our bottom line. 
 
The Wild West of Cybersecurity
As companies struggle to keep up with the rate of change in the industry, hackers are busy embracing it. Increasingly, they are using new methods and technology to gain more information about the inner workings of companies, then using the vulnerabilities they find to target their attacks more precisely. 
 
From targeted spoofing attacks that lure employees into handing over data, to hackers operating in teams to compromise entire firewalls, we are experiencing the ‘Wild West’ of cybersecurity.
 
In an effort to catch up, many organizations are panicking and actually exposing further vulnerabilities. The best way to mitigate new threats is not necessarily by investing in more technology that can be further exploited, but rather to focus on having a team of highly skilled professionals who work together to fight new threats.
 
Building a Cyber-Secure Mindset
As the nature of threats widens and evolves, it can be difficult to keep everyone working together toward a common goal. What is that goal? How can employees stay a step ahead? Vital to ensuring a team can maintain stability is regular evaluation of weaknesses and a robust plan that addresses them head-on. Penetration testing is certainly not a new concept, but it should be an integral part of any security strategy.

Regular simulations can go a long way towards keeping cybersecurity teams ahead of both existing and potential threats. By carrying out simulations, teams can gain a better understanding of their own roles in fighting a cyber-attack, as well as insight into where there are gaps in expertise. In this way, teams should be able to see whether the skills of the team match what is needed to effectively secure a company’s data.

For example, the test could reveal the need for a new hire with expertise in securing cloud applications, or it could even identify where there are communication issues. While they may seem like a small part of the role, communication and teamwork are chief among the requisite IT skills. If someone can communicate competently and demonstrate strong teamwork, there’s nothing they can’t learn.

It is easy to identify what skills are missing from a team, but it can be harder to recruit for those specific skills. Recent CompTIA data shows that some 50% of organizations are experiencing a growing skills gap. There are a number of things businesses can do to mitigate this, however, including hiring outside traditional educational pathways and keeping teams diverse.

For example, a company might look at hiring a skilled applicant from an apprenticeship scheme rather than a university. Regardless of hiring practices, all companies should be sure their existing teams are skilled for their roles and have the right mindset to handle the evolving threats facing businesses. One way organizations do this is through certification and re-training programs that offer industry-first learning. Such pathways allow employees to upskill while they work and are ultimately a cost-effective way for businesses to tackle cyber threats. 
 
Get Ahead of the Next Big Threat
Predicting the next malicious threat is extremely difficult and not a task one person can, or should, undertake. However, collective wisdom on cybersecurity has the ability to keep businesses safe. Cyber-criminals will always try to stay at least one step ahead, so it is critical that we have the flexibility and foresight needed to get into their mindset.

Knowing what could be around the corner is key to preparation and a prepared team is at the heart of a good cybersecurity strategy.
