Every few months my colleagues and I at Genesis10 do our best to provide you with an update on the latest in cybersecurity, along with some perspective. New cyber threats surface every day, while many that we’ve reported on recently haven’t gone away. All of them are sinister. We need to keep a watchful eye on these threats, an activity that grows more challenging for IT leaders as the shortage of tech talent skilled to ward off cyber threats continues.
According to a University of Tulsa blog, it can cost an organization up to $13 million to detect and mitigate a single sophisticated large-scale hack or data breach. Global spending on cybersecurity products and services is measured in billions of dollars. Finding professionals with the right cybersecurity education and experience to fill open roles only adds to the tab. By 2025, the global shortage of data security and cybersecurity experts could cost the world more than $10 trillion annually.
Phishing scams to data breaches
Cybersecurity is defined as a technical discipline concerned with protecting the digital interests of people, households, companies, cities, and nations. Its focus includes everything from phishing scams and digital identity theft to large-scale data breaches and cyber terrorism.
Of these threats, China represents the biggest to U.S. businesses, defense infrastructure, and financial services, among other key institutions according to the Cybersecurity and Infrastructure Security Agency. China has built up formidable cyber power over recent years and has already conducted some high-profile attacks, including one against Microsoft Exchange in 2021.
Russia too presents a big threat, all the more so since the war in Ukraine. In response to economic and political sanctions, the U.S. and its allies expect state-sponsored cyberattacks from Russia.
An article in CPO magazine, “Top 4 Cyberattacks to Watch Out for in 2022,” suggests:
“Every cybersecurity team should adopt an overarching onion approach to safeguarding their IT systems. The onion approach is based on having multi-layered cybersecurity, meaning any attackers would have to penetrate various layers of protection before reaching any sensitive data. IT systems should incorporate as many tools as possible, including antivirus software, firewalls, encryption tools, and penetration testing, plugging any cybersecurity gaps. But this doesn’t simply include tools: People and effective processes are also a part of the proverbial onion.”
Still, even having a basic cybersecurity setup goes a long way in staving off cyberattacks, along with such practices as stronger passwords, not sharing logins, and logging out when leaving computers.
Lack of talent is a threat
While we certainly need to be concerned about China and Russia, the lack of certified, experienced cybersecurity professionals also poses a serious threat, writes Ran Shahor, CEO at HolistiCyber, in a recent blog. HolistiCyber, an internationally recognized cybersecurity organization, is a Genesis10 strategic partner.
In the U.S., about one million people are employed in a cybersecurity role, and while reports vary, there are nearly 600,000 open positions. Globally, the numbers are even more staggering, with an estimated 3.5 million jobs unfilled in 2021. Harvard Business Review reports that the majority of CISOs around the world are worried about the cybersecurity skills gap, and 58% expect it to get worse.
Our colleges and universities are on this. They are developing focused cybersecurity curriculums, with some community colleges working with Microsoft to help fill 250,000 cybersecurity roles. Meanwhile, companies are looking at upskilling and reskilling existing employees.
Others concerned about limiting organizational risk outsource cybersecurity activities to a third party of managed professional services and consulting. These providers have capabilities to proactively upgrade a company’s security posture, close existing gaps, and ensure stronger protection mechanisms for the company’s data and assets—while reducing overhead expenses.
Genesis10, for one, is helping companies to bridge not only security gaps but also the skills and experience gaps that are so prevalent in enterprises today.
