By Dave Waterson, CEO, SentryBay
There is a growing demand for skilled cyber security staff and, it seems, a lack of candidates. Where are they all? The truth is that the pandemic shook up the labour market and many executives at all levels and across all departments have moved on, including those in security.
According to ISACA’s recent State of Cybersecurity Report 2022 which is conducted annually amongst security professionals around the world, any positive effect that the pandemic had on retention in 2020 had worn off a year later. As a result, 63% of respondents had unfilled cyber security positions, an increase of 8% over 2021. An additional 62% said they had understaffed cyber security teams, and a fifth reported that it was taking more than six months to fill open positions. This reflects what we at SentryBay have observed in the marketplace.
It’s not just that talent seems so hard to find, but that organisations have not kept up with the changing expectations of the cyber security workforce. The pandemic brought about a change in attitudes with many employees keen to see an improved work-life balance. Flexible working arrangements are now expected by staff, but for companies, a return to the physical office is preferred. On top of this, and against a backdrop of increasing food, retail, energy and petrol prices, higher wages are in demand. As the requirement for talent increases, candidates are using this situation to gain leverage, and if the job spec doesn’t suit them, they can afford to look elsewhere.
The battle to solve this problem is being fought on two fronts. The first is to adjust traditional approaches and increase transparency during the interview process to ensure the expectations of both the candidate and the company are aligned. The second, however, is the looming worry of remaining cyber secure in the absence of a fully staffed and qualified team and a rapid escalation in attacks.
Financial services companies must shore up their systems
Considering that, according to some reports, cyber criminals are 300x more likely to target financial services providers and businesses than any other industry, the need to shore up these systems and services has become acute. Now is the time to look at implementing cyber security measures that can deliver comprehensive protection for applications and data, regardless of where employees are working, and which can be automated to give the entire company protection quickly while demanding the least from time-strapped security teams.
One of the main vulnerabilities is the endpoints being used by employees, from laptops and mobile phones through to tablets, IoT devices and desktop PCs. In physical offices these are usually secured through strong corporate protection, but in today’s more flexible working environment, devices are as itinerant as their users. It takes only one unsecured endpoint connected to the corporate network – in the office or remotely – to open a gap which, if compromised, can lead to a cyber attack.
Unfortunately, standard security measures are not enough, even if they combine antivirus, internet protection and endpoint detection and response (EDR). They were not designed to manage remote devices, and that combination of solutions will identify less than 50% of the attacks that are occuring today.
If enterprise cyber teams are being forced to prioritise their efforts, endpoint security is a great place to start since they are so often the favoured access point for cyber-attackers who use the keyboard and screen as the attack vector to steal sensitive data.
Kernel-level keyloggers, for example, bury into the system silently and sit at a low-level, harvesting keys that are tapped onto the keyboard. Obviously, the benefit to the keylogger is from grabbing passwords, security details and other sensitive data which they will later use.
Screen capture attacks work in a similar way, tracking and capturing personal details as they are displayed, putting at risk the data held within applications. Some financial companies advise their staff to use two-factor authentication, deploy complex passwords and update them regularly, but the risk remains to information held within applications.
What organisations most benefit from is a fortified environment that allows employees, both in the office and working remotely, to securely connect to their network. And it is not just the benefits this kind of environment provides against cyberattacks, but in ensuring they comply with industry regulations, international laws and local guidance.
Winning the battle on the cyber front
Looking again at the ISACA report it is possible to see a correlation between staffing levels, retention and cyberattacks – 69% of respondents whose organisations experienced more cyberattacks over the past year said that they were somewhat or significantly understaffed.
Solving this problem by finding and keeping new, highly qualified security talent, is the answer, of course, however it is likely to take some time and a new approach to cybersecurity investment. Meanwhile, security teams need bolstering with the use of dedicated solutions that are designed to minimise management, maximise automation, and deliver protection where it is needed most, at endpoint devices.