The UK government-backed campaign CyberFirst made headlines in October after encouraging a black female ballet dancer to ‘rethink, reskill, reboot’ and train in cybersecurity. The distasteful and tone-deaf advert caused huge backlash, ultimately resulting in its rightful removal. But the truth remains that there is still a frighteningly huge skills gap in cybersecurity.
‘Gap’ doesn’t quite cover the enormity of the problem. According to ICS2, nearly 500,000 more cybersecurity workers were needed in the US in 2019, and in excess of 4 million are required worldwide. The most in demand jobs are varied, spanning forensics, cyber automation engineering, security operations centre (SOC) analysis, cloud network architecture, consulting in advanced threat solutions and cyber security analysis.
Smaller companies struggle to compete in cybersecurity marketplace
The shortfall in cybersecurity talent means that large companies paying high salaries can lure talented individuals, leaving smaller companies under-resourced and vulnerable. It is critical that companies invest time and money into cybersecurity skills and training.
Cybersecurity is not just a matter of concern for technology companies, but a pertinent issue across all sectors. For example, the healthcare industry, including biopharmaceutical companies and healthcare providers, has always been susceptible to cyberattack due to the wealth of valuable and sensitive information routinely stored. The 2015 cyber-attack on Anthem led to sensitive patient personal identifiable information (PII) of almost 80 million people being leaked, more than the entire population of the UK.
Further risks exist to connected medical devices such as magnetic resonance imaging (MRI) machines, insulin pumps, and pacemakers, which may be targeted and exploited by hackers for financial or political gain. Telemedicine, increasing in popularity due to COVID-19 restrictions on visiting medical facilities and hospitals, provides another weak point susceptible to exploitation.
Security attacks are widespread
Travellers, too, are both vulnerable and valuable. The desire for a ‘seamless’ experience – including efficient, effective booking and travel, and the ability to engage instantly with companies and retailers – creates a digital landscape ripe for cybercriminals to exploit. Though increased biometric integration may enhance the travel experience, used at airports to verify the identity of travellers, databases are susceptible to hacking, and require highly skilled individuals to ensure that travellers’ information is cybersecure.
Bitdefender, a cybersecurity solutions provider, reported more than 4,000 detected attacks on energy companies in each of the first three months of 2020. Widespread deployment of Internet of Things (IoT) technology is commonplace in oil and gas to optimise daily operations, generating huge volumes of data. However, this expanding digitisation creates new access points for hackers to exploit. Due to the growing connected network, problems in one area of operations could cripple operations across several entities. The industry must invest in enhanced cybersecurity to prevent from data loss, denial of service, and protect against any other disruptions to operations that may occur.
Work from home has increased vulnerability
Covid-19 caused a rushed to working from home. The use of personal laptops and local networks, together with increased digitisation and automation, has left companies vulnerable to attacks via phishing and ransomware. In the case of the German software company Software AG, the ransom demand was over $20m. Cyber-naïve remote workers need training to protect both themselves and their companies from cybercriminals.
It is imperative that, across industries, companies invest both time and money into cybersecurity skills and training. Late adopters overestimating their readiness leave themselves susceptible to cyber disruption.