Many UK IT leaders are concerned that a security hiring freeze last year could ramp up cyber-risk, but the new remote working environment may offer a partial solution, according to CrowdStrike.
The security vendor released new UK-centric findings today from its Global Security Attitude Survey which polled 2200 IT and security decision makers around the world.
A majority (63%) of UK respondents claimed their organization is now at a higher risk from cyber-attacks due to the pandemic, yet 44% had a hiring freeze in place last year.
In fact, the UK had the lowest average of new cybersecurity hires of all countries surveyed, with 31% taking on between one and five new cybersecurity staffers last year.
This concerned respondents: many argued that the hiring freeze (40%) and reduction in available talent (45%) will amplify the increased cyber-risk resulting from the pandemic.
However, the adoption of mass remote working by most organizations could open up a global talent pool for Brexit-bound businesses, argued Zeki Turedi, EMEA CTO at CrowdStrike.
“How UK organizations will approach hiring in 2021 ultimately comes down to whether they see cybersecurity as being an important and integral part of their business. Whilst a zero-trust mindset should be the norm for all firms, the importance placed on cybersecurity varies massively depending on the sector and type of business,” he told Infosecurity.
“Hopefully, the work-from-anywhere policies that many companies are adopting will allow organizations to invest and bring in the right people to support their cybersecurity efforts, no matter where they may call home.”
This matters, because many respondents claimed that intrusion detection times have become slower (40%) over the past year, and that the pandemic has made it harder to prevent cyber-intrusions (51%).
Turedi argued that this was due to an uptick in attacks on organizations and forced architectural shifts that were sometimes made without security baked-in from the start.
“The added complexity of teams working from home, using tools not made to deal with remote security incidents and growing threats — all with a change of architecture — can make detection times a lot longer,” he said.
“This complexity is exactly what cybercrime groups use against victims to gain an advantage. We recently revealed that threat actors were in organizations’ networks for on average of 79 days before the victims realized.”