Advisor

Cybersecurity: Action Beyond Awareness

Posted February 1, 2023 | Technology |
cyber actions

To create better cybersecurity awareness, this Advisor series examines the evolving cybersecurity landscape. In Part I, we explored why cybersecurity awareness remains a perpetual concern and challenge. Part II continued that conversation by looking at what we can do to address those cyber threats. Here in Part III, we explore more cybersecurity actions, focusing on growing cybersecurity career opportunities and the security of the digital future.

Knowledge is of no value unless you put it into practice. ― Anton Chekhov, Russian playwright

Cybersecurity awareness alone is not adequate. This awareness needs to result in appropriate action. But surprisingly ― and regrettably ― despite high-profile cyberattacks on businesses and governments and critical infrastructures and the availability of several technologies to secure data and information systems and applications, many organizations continue to ignore or discount the importance of security requirements. This is a mistake ― and a current setback. Analysis of several security incidents reveals this state of affairs. Organizations and security professionals should carefully consider security requirements, assess potential threats and vulnerabilities, and formulate an appropriate strategy that closely aligns with the business’s overall IT and business strategies.

It is a myth that small and medium-sized enterprises (SMEs) don’t face cybersecurity attacks; they are not spared from facing security threats. For instance, last year, over 40% of SMEs experienced a security breach, and 82% of all ransomware attacks targeted smaller organizations. Employees of small businesses also experience 350% more social engineering attacks than those in larger organizations. In addressing security threats, SMEs face special challenges (e.g., they can’t afford big security budgets or employ well-qualified security professionals). But they should never compromise cybersecurity. They can use outsourced security-as-a-service offerings and adopt simple steps to secure their systems.

The Cybersecurity Skills Shortage & Career Paths

Awareness and strategy alone are not enough to address the problem. The cybersecurity field is critically in need of professionals with a cybersecurity skill set; hence, cybersecurity has evolved significantly as a career over the past decade. As a growing number of enterprises, businesses, and organizations are now embedding security features and strengthening or scaling them, demand for cybersecurity professionals is soaring.

According to the 2022 “Cybersecurity Workforce Study” by the certification body and professional association International Information System Security Certification Consortium (ISC)², the shortage of cybersecurity professionals is 3.4 million, an increase of 700,000 (or 26%) in the past 12 months from 2.7 million. The study found that even though there are now 4.7 million active security professionals worldwide ― up 460,000 in 2021 ― there is skyrocketing demand for them among organizations. While the cybersecurity field needs more professionals, currently there is a lack of security professionals, and training and accreditation schemes are struggling to fill the pipeline.

There is currently more demand than availability, and this demand will only increase in the coming years. One can gain cybersecurity skills and recognition via formal university degrees, short-term certificate courses, and training programs in a spectrum of topics in cybersecurity. It is a great career for many.

For those interested in pursuing a career in cybersecurity, TechRepublic’s go-to guide is a good start. It outlines job markets, skills, and answers to common questions in the field, as well as the top security software. The National Initiative for Cybersecurity Careers and Studies has identified several cyber career pathways and job roles and the knowledge and skill set required for each, presented via an interactive map. The US Federal Cyber Career Pathways Working Group has outlined several cybersecurity career paths including defense forensics analyst, systems security analyst, vulnerability assessment analyst, secure software assessor, information systems security developer, and security architect, among others. For each career, it has outlined core roles, knowledge and skills, and competencies. Most of the roles are applicable in general in several industry sectors.

Enterprises, on their part, should address the gap by training internal talent, rotating job responsibilities, mentorship programs, or encouraging employees outside the IT or cyber function to join the field. Organizations that go down this path tend to be less likely to experience staff shortages.

Will the Digital Future Be Secure? It Depends on Us

The digital future will be exciting in terms of innovations and opportunities. But it will also be scary because of potential heightened and sophisticated security issues and related privacy concerns.

Cybersecurity issues aren’t going to get any simpler. The cyber-threat landscape will continuously evolve and pose an even greater danger. Even as comprehensive security measures are deployed, new countermeasures and attacks will emerge. Cybercriminals will continue to find ways to get around security measures to penetrate IT systems and access the information they want or create havoc on victims. Cybersecurity is a cat-and-mouse game.

Organizations need to future-proof their systems and data by frequently updating their security strategies and deploying new solutions. They must be proactive in planning and implementing appropriate and effective security measures to counter known and emerging security threats. We need to adopt new measures as quickly as possible — we cannot solve today’s security threats with yesterday’s solutions.

Cybersecurity is a business and personal necessity. Ignoring it can result in wide-ranging consequences — minor to major depending on what is compromised and how critical the damage is. Organizations should focus on technical safeguards, invest in a competent cybersecurity work­force, create security awareness among stakeholders, and regularly revisit and update their security strategies and implementation.

Proactive cybersecurity is a must in today’s sophisticated threat environment. Being proactive encompasses not only procuring security tools, solutions, and services and effectively configuring and embracing them but also adopting a cybersecurity framework that includes appropriate tactical measures, encryption, authentication, biometrics, analytics, and continuous testing, diagnostics, and mitigation.

Cybersecurity is a shared responsibility among all the prime stakeholders. Humans are often the weakest link in computer security. So, in addition to implementing security measures to protect their most valuable digital assets, organizations should educate their users and employees about security threats, countermeasures, and best practices.

Will the digital future be secure? It will depend on how we shape it proactively by adopting advances in security technologies as required and how careful the general user of the hyperconnected digital systems is. Adequately securing our digital future is a tall order but a necessary one. It is an all-year-long vigil and activity. Going forward, cybersecurity will be increasingly more important.

About The Author
San Murugesan
San Murugesan (BE [Hons], MTech, PhD; FACS) is a Cutter Expert and a member of Arthur D. Little's AMP open consulting network. He is also Director of BRITE Professional Services and former Editor-in-Chief of the IEEE's IT Professional. Dr. Murugesan has four decades of experience in both industry and academia, and his expertise and interests include artificial intelligence, quantum computing, the Internet of Everything, cloud computing, green… Read More