Recruitment Agency Now


The challenge of cyber security: How to recruit the top tech talent

August 18, 2016

By Simon Kouttis

The threat of cybercrime is affecting UK businesses of all shapes and sizes.

Recent government findings state that cyber criminals have attacked 65% of local businesses in the last year alone, with 25% of these experiencing a security breach at least once a month.

The stakes are getting higher too. Companies at risk now face legally enforced penalties should they not take the necessary precautions to safeguard their confidential customer data. Negligent organisations that suffer a major cyber security breach are deemed responsible for any damages to customers and are under pressure to accept accountability. For example, the Bangladesh Central Bank Governor resigned following the recent cyber-heist that robbed the bank of $101 million. In some extreme instances, C-level executives may even face prison sentences.

As the cyber threat to business infrastructure increases, so too does the demand for IT security professionals – yet the supply is limited. This IT skills shortage is not the fault of the IT industry exclusively: STEM (science, technology, engineering and maths) subjects are generally very well-funded at university level, but need more encouragement at schools. Educating young learners in cyber security is key to building up the necessary supply of IT skills. However, this will take years, leaving many companies vulnerable to risk in the interim.

The IT industry is also challenged by its own rate of development. New technologies are progressing faster than the people with the skills and experience needed to keep them secure. An agile, tech-savvy company may appear more innovative and progressive, but it also leaves itself more exposed to cyber-attacks.

Given all these risks and challenges, recruiters need to rethink how they can help their clients hire the highly skilled cyber security teams they desperately need.

Building a security team

Unfortunately, the current level of risk is too great to simply hang back and wait for the next generation of IT security graduates. The public sector is an oft-overlooked source of exceptional cyber security talent. Government defence departments, for example, invest hugely in training people, yet public sector pay is invariably less than the standard corporate package – which could make for an enticing offer.

Right now, the biggest question companies are contemplating is whether to outsource the skills they need or bring them in-house. For some, a hybrid approach is viable, but for many an on-site security operations centre (SOC) offers the best protection, as it can monitor the business 24/7 and retain ownership of all data. Building a SOC is a substantial investment, however, and needs to be considered carefully.

Key hires

The European Commission’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and will force UK businesses that supply goods and services to the EU’s member states to rethink how they manage confidential customer information. The sooner companies start preparing for this, the better, and many are considering the importance of hiring a Data Protection Officer (DPO). This role is focused on ensuring that your business stays on top of all the GDPR processes, allowing your cyber security team to focus on protecting your systems.

The person responsible for making the final call on all cyber security requirements is the Chief Information Security Officer (CISO) – a company’s most important asset in the war against cyber-attacks.

The CISO has to be able to navigate the C-level board as well as the tech world with ease, and to translate a company’s security needs into the overarching business strategy. This is not so much an IT role as an executive position, one that requires experience in people and project management and organisational development, as well as cyber security. The CISO will own the company’s security posture. This starts with understanding the business threat profile and drafting a security roadmap that reflects the business risk appetite. They will be ultimately responsible for hiring the various analysts, researchers and engineers required to staff the security team and realise this transformation.

Many organisations are going through similar challenges; these are some of the profiles which are most in demand.

A security architect will be needed to design the cyber security map that will guide the whole team – this includes the integration of process and technology. While technical knowledge is a must, they also need to understand the wider context of the organisation’s objectives and consider how their solutions may affect budget.

Security engineers are responsible for implementing the ‘blueprint’, installing and implementing processes that are key to realising the vision. This role works closely with the security architect, ensuring that a company’s IT infrastructure is kept alert and agile.

Security analysts are trained to test and tweak the SOC until it is ready to run. Once the SOC is up and running, analysts will monitor, assess and sort all security alerts as they come in. Skilled in data collection and intrusion detection, they are able to determine the relevant response to any cyber threat. There are significant variations in skills dependent on the SOC’s maturity and capability.

Overcoming the skills gap

Understanding what cyber security skills are relevant for your clients’ needs is easy; finding them is not. The current shortage is severe, and will take some years to address. In the meantime, the demand for these professionals continues to skyrocket.

At Stott and May we are working to overcome the skills gap as quickly and effectively as possible and have opened a new office in Brighton to help meet the growing demand for cyber security talent.

Working with clients and candidates, our Cyber Security Centre of Excellence provides IT recruiters with the training and knowledge they need to stay at the forefront of cyber security. Unless you understand the risks and challenges your clients are facing in this ever-changing environment, it’s impossible to provide them with the specialist support they need.

Challenging times give rise to great opportunities. Rather than viewing the current cyber security skills gap with doom and gloom, we need to develop new, proactive approaches to recruitment.

Simon Kouttis is Head of Cyber Security at Stott and May

  • Published: 8 years ago on August 18, 2016
  • Last Modified: August 17, 2016 @ 4:49 pm
  • Filed Under: Industry Insider
