Cybercrime is never far from the headlines. Whether it’s a major company hack or another security threat striking fear into the hearts of IT professionals everywhere, criminals are taking advantage of inadequate defenses among global businesses.
Yet, globally, there’s a distinct lack of IT security pros available to strike back, with the shortfall in the cybersecurity workforce expected to hit 1.8 million people by 2022. This figure exposes the cybersecurity talent shortage at the heart of the mayhem.
“We’re seeing more sophisticated attacks, even at the basic level,” says Ian Glover, president of the Council for Registered Ethical Security Testers (CREST). “We need to keep our cyber hygiene standards up to date to make sure they replicate the current threat environment.”
Fight back against cybercrime
Cybercrime is estimated to have cost as much as $600 billion globally each year, according to the Center for Strategic and International Studies (CSIS). Predictions for the future are even more stark, with Cybersecurity Ventures estimating that cybercrime damages will cost the world $6 trillion a year by 2021.
The reasons for this escalation range from difficulties in making prosecutions to the rise in “Cybercrime as a Service”—where criminals run lucrative businesses by marketing their abilities to easily (and cheaply) acquire the tools of this particularly dark trade for their customers.
Challenges associated with the proliferation of devices and operating systems entering the workplace, and the corresponding hike in entry points for potential security breaches, only make the headache worse for security staff.
IT centralization is one way to tackle this challenge. With better cloud management and data visualization through analytics, it’s far easier to see what’s going on in the business. This increased visibility can help you identify weaknesses, isolate breaches as they occur, and deliver clear intelligence on the risks of any outdated technologies and processes.
Build the right security skills
Awareness of what’s happening across the organization is essential to strengthening defenses. Yet, improved insight through analytical tools is only part of the solution, because—as always—people are key.
A global business survey by Kaspersky Lab and B2B International reveals that 52 percent of businesses admit their employees are their biggest weakness in IT security. Their top three concerns are employees sharing inappropriate data via mobile devices, risks associated with the loss of mobile devices, and the use of inappropriate IT resources by employees.
In addition, 49 percent of businesses said they’d been hit by viruses or malware over the previous 12 months. Over half of these considered careless or uninformed staff to be a major contributing factor, while over a third said phishing and social engineering had been a factor in the attack. Shockingly, the survey also revealed that 40 percent of companies worldwide have experienced employees hiding security incidents when they happen.
“We need to change cybersecurity training programs into cultural change programs,” says Glover. “We need to work with a wider audience, and you need cultural change to make people more aware.”
Work is being done in education to close the skills gap, but James Hadley, founder and CEO of Immersive Labs, says more effort is needed to promote the variety of roles available.
“Most developed countries are spearheading a number of initiatives to increase the amount of people that see cybersecurity as a career, starting with children in school,” he says. “It’s not just about hacking, but because the industry is often depicted in this way, it’s difficult to get new people into the field, especially women. More needs to be done to remove the gender imbalance.”
Develop expertise within the business
That said, building a pipeline of new talent takes time, and with such an immediate threat to contend with, businesses are looking for alternative solutions to build resistance without hiring specialists.
Upskilling an existing workforce is one way to fill the void. As Hadley explains, organizations have a real opportunity to transition their people into cybersecurity roles. Interestingly, he says a person’s academic background has little influence on their potential.
“If an individual has attributes, such as analytical thinking, problem solving, troubleshooting, and perseverance,” Hadley says, “they’re likely to excel in cybersecurity.”
As more centralized data-driven tools emerge to provide a truly holistic view of the business, more control is placed in the hands of employees to interpret and act on the results. It all starts with having the ability to spot breaches early, which can help you take security to the next level.
Upskill your workforce with managed solutions
Having a clear understanding of the health and usage of mobile devices, desktops, and workstations—whether company-wide or on an individual basis—can improve the likelihood of making crucial decisions in areas like security compliance and data protection. This is where managed solutions can help.
Take HP Device as a Service, or HP DaaS, for example. The HP DaaS offering can provide predictive analytics and device insights powered by HP TechPulse, which provides company-specific data. This type of monitoring—combined with the dashboards that can come with it—can help your IT employees take a variety of proactive actions to reduce threats to the business. In turn, this can help individuals on your IT team develop and mature new analytics skills and fill in those gaps caused by the cybersecurity talent shortage.
Whether spotting vulnerable devices, automatically installing the latest patches across the suite, or identifying risk implications in the way devices are used, security employees can analyze their infrastructure with the help of HP DaaS on an individual and overarching basis and use that data to put themselves back in control. Upskilling has never been easier, thanks to innovative technology.