It was interesting to read the Ipsos report on Cyber Security Skills in the UK Labor Market in 2023. This report highlights ongoing frustrations and challenges in recruiting, training, and retaining staff across all cybersecurity domains. Some enlightening discoveries include:
Approximately 739,000 companies (50% of those surveyed) are required to fill out basic skills. This means that cybersecurity personnel at these companies lack the confidence to perform the kinds of basic tasks set out in the government-approved Cyber Essentials Scheme and do not have support from external cybersecurity providers. yeah.
Approximately 487,000 companies (33% of those surveyed) have higher skills gaps, with the most common areas being breach forensic analysis, security architecture, malicious code interpretation, and penetration testing. . 41% have an internal skills gap for incident response and recovery and do not provide external resources for this aspect of cybersecurity.
Director of Incident Response and Threat Intelligence at Quorum Cyber.
Lack of incident response
Most alarming was the report that revealed a lack of incident response skills. This is unacceptable at a time when hacking is now a paid profession. As a result, the demand for trained cybersecurity professionals is increasing, and education and training programs must be prioritized to fill these gaps. Additionally, these shortcomings extend to senior managers and board-level executives who need to understand the steps to take to manage incidents. While it is encouraging that boards are increasingly understanding cyber risks, clearly more needs to be done to educate senior management about their involvement in the event of an incident. Cyber incidents always require a business response, not just a technical response. Senior and board level actions can be easily taken as follows:
- Please be sure to report the incident
- Notify your cyber insurance company immediately
- Please don't carry it alone.always seek outside help
- Appoint a cyber incident owner to oversee the response process
- Log actions and decisions
- focus on containment
- Listen to advice and best practices.You are not the first to be compromised
- Be patient; dealing with cybercrime is a process
- Assist authorities and regulators as much as possible with documentation
- Take care of reputation management and control the narrative.
Cyberattacks are a business
IT departments must translate cyber risks into operational and business risks that can be understood at the board level. Board members understand business, and cybercrime is a well-organized business. An IT professional must explain that the world of cybercrime has evolved into an ecosystem that consists of three different types of groups:
Access brokers focus on finding organizations with vulnerabilities and compromising networks, researching the easiest way to penetrate them, and selling this as a package to other groups.
Developers build and rent out ransomware-as-a-service (RaaS) tools.
After purchasing access information and hiring RaaS tools, a third group infiltrates the network, steals or encrypts data, executes a ransomware payload, and demands a ransom.
In short, it has become an industry. The group took on the roles of various experts and divided the profits according to their skill sets and the risks involved in completing the transaction. This business model makes it difficult for researchers to determine which cybercrime organizations were involved in each cybercrime.
just a few precautions
One of the most effective ways to transfer knowledge is to expose senior-level managers to a simulated cyber incident to educate them about their roles and responsibilities in the event of an attack. Tabletop incident response exercises are a great way to ensure your plans, strategies, and teams are thoroughly tested. By working closely with senior management, IT departments can help learn lessons from each exercise and prepare for contingencies. This knowledge transfer includes input from internal legal, financial, and other business leaders and external subject matter experts, as well as input from internal legal, financial, and other business leaders as well as external subject matter experts to quickly set direction and prioritize the many demands placed on the team. , including promoting irresponsible and irresponsible behavior. culture of fear.
Over the past 15 years, I have worked with the boards of many organizations that have been victims of devastating events. I have seen firsthand the positive impact that effective leadership and direct board involvement can have in successfully overcoming attacks. As we all try to figure out how to acquire and train new top talent in our industry, we are working with senior executives to equip them for roles that will positively impact attack outcomes. By educating, we can also help ourselves.
We've featured the best business VPNs.
This article is produced as part of TechRadarPro's Expert Insights channel, featuring some of the brightest minds in technology today. The views expressed here are those of the author and not necessarily those of his TechRadarPro or Future plc. If you're interested in contributing, find out more here. https://www.techradar.com/news/submit-your-story-to-techradar-pro