The harsh reality of cyber crime
Research shows us that hackers have no intention of letting up on their cyber attacks any time soon. According to a recent survey by internet service provider Beaming, 52 percent of UK-based businesses were victims of some form of cyber crime in 2016, with phishing attacks and computer viruses being the most common cyber-threats faced by organisations.
The survey also found that the risk of cybersecurity breaches appeared to increase significantly depending on the size of the company. 71 percent of organisations with over 250 employees reported that they had experienced cyber-crime attacks, while just 31 percent of companies with fewer than 10 people said the same. However, researchers noted that cyber attacks on small companies – although less frequent – were significantly more damaging. There can be a significant level of naivety amongst many small business owners who take cyber risks for granted, and this unsurprisingly makes them easier targets.
However, there is some good news, because the report also found that the adoption of new cybersecurity technologies, such as unified threat management devices, web application firewalls and network access control systems, increased the fastest amongst smaller businesses in 2016.
The next step for employers
While it may not be possible to fix a company’s cyber security flaws overnight, there are ways in which employers can evaluate the current state of affairs and act accordingly. Here are three questions employers should ask themselves:
1. Am I limiting my scope of cybersecurity skills in the market?
Far too many employers minimise the severity of inadequate cybersecurity within their organisations, and when recruiting, feel they have the privilege to only select candidates who fulfil their unconscious biases. Whether it be through the demand for candidates with prestigious qualifications, or the reluctance to diversify their workforce due to historical and unconscious bias, many businesses are narrowing their scope of crucial skills in the market.
There are many individuals who obtain real-life experience in a commercial capacity as opposed to classroom accreditation. While they may not necessarily boast the prestigious qualifications that many employers covet when looking to fill such roles, they will have solid experience of what information security entails due to their vested interest and commercial experience.
When it comes to diversity in the industry, recent figures show that there is a significant shortfall of women in cybersecurity roles. In an early 2017 survey commissioned by (ISC)²'s charitable arm, the Centre for Cyber Safety and Education™, researchers discovered that women formed just 7 percent of the European cyber security workforce, placing the proportion as one of the lowest in the world.
Employers need to recognise that the industry’s failure to recruit from over 50 percent of the available talent pool is not just a diversity issue, but a security issue. Historically, the industry has been perceived as a bit of a tech ‘boys’ club’, but cybersecurity is increasingly diversifying beyond purely technical roles. The industry has evolved to the point where it is now more than protecting databases from hackers, meaning that leadership and communication skills are also in demand.
For these reasons, companies should let go of historical prejudices and aim to detect inherent skills and employ these individuals whilst investing in their training and professional development. It’s also important to note that skills are formed at the grass roots level of education. Employers need to work closely with education institutions in order to determine how best to train young minds to develop and hone their skills in an industry that so desperately needs them.
2. How will my business be impacted if I fail to prioritise cyber security?
When evaluating the potential consequences of inadequate cyber security, employers must consider whether they would be willing to risk conflicting with data security legislation, financial loss due to data theft and irreversibly damaging their brand’s reputation. Although there have been multiple high-profile cyber attacks on major corporations such as Three, Sports Direct, Tesco Bank and Morrisons, many businesses still do not realise just how at risk they are of becoming a cyber-crime target. However, should they find themselves in a vulnerable position, the results could be costly. The report by Beacon showed that last year’s cyber attacks on nearly 3 million UK firms totalled a staggering cost of nearly £30 billion – divide that figure evenly by the number of businesses targeted, taking away the differing circumstances and costs of each attack, and you have a general estimate of £10,000 per business.
Then there’s the General Data Protection Regulation (GDPR) – an EU regulation to strengthen and unify data protection for individuals within the European Union. When GDPR is enforced from 25 May 2018, breached or non-compliant organisations will face penalties amounting to 4 percent of their annual global turnover. Yes, the UK may be leaving the EU, but the timeline in which the law will be enforced makes the reality of this law a likely possibility for UK organisations.
3. How do I attract the right candidates?
Cyber-security is largely a candidate-driven market in the UK, and qualified professionals certainly have their pick of the litter when it comes to considering which job offers to accept. Companies that wish to stand out from the competition and target the right people need to ensure that they are building their brand as an employer of choice for cyber security talent. It all starts at the job advert, and employers should aim to emphasise specific technology tools in use or highlight how they have integrated or hope to integrate emerging security technologies. Calling on a consultant and market specialist to receive their advice on market predictions and trends is one good way to develop an understanding of what appeals to skilled candidates and what course of action should be taken in order to successfully attract them to the role.
Are you a cyber security wiz looking for your next role?
Are you a tech nerd with a thorough understanding of what it takes to elevate a company's cyber security? At Search, we recruit for a wide range of tech-driven roles which include, but are not limited to, cyber security. If you are looking for your next role, you can contact our cyber security recruitment specialist, Charlie Delaume here.