In 2017, there were 7.5 million DDoS attacks with a 20 percent rise in enterprises reporting multi-vectored intrusions. As cyber-crime has increased in both frequency and complexity, so too have the financial and reputational consequences for organisations. According to the Center for Strategic and International Studies, cyber-crime has resulted in £291 billion of annual losses, with last year's WannaCry ransomware attack costing an estimated £2.9 billion in lost productivity alone.
Despite the need to bolster businesses' defence, new research reveals that demand for IT Security staff has actually dropped five percent in the past year (from Q4 2016 to Q4 2017). The report unveiled a 24 percent year-on-year (Q4 2016 – Q4 2017) increase in the demand for contractors, but this was outweighed by a 10 percent decrease in demand within the larger market for permanent IT security staff during the same period.
The report explains that in the last few months, the security market has been lamenting not just the lack of good talent, but how long it takes to bring new IT Security professionals into organisations. As a result, businesses, under constant threat of cyber-attack, have been forced to change the way they view and manage cyber-security to ensure they're not leaving themselves vulnerable. Here are four key factors driving this change.
Skilling up the workforce
People are often the weakest link in any organisation's security chain. In recent years, corporate cyber-security culture has left companies increasingly open to attack – over half of businesses (52 percent) believe they are at risk from within. If cyber-criminals can get through to employees, they are almost certain to be successful in hacking into the organisation. It's often simple techniques, like phishing attacks, that can be the most effective.
In response, employers are increasingly bringing in IT Security contractors to upskill their entire workforce with essential cyber security knowledge to protect their core assets, IP and data. This explains why there has been a slowing demand for permanent IT security experts in the past year, with fewer specialists typically required and broader security awareness shared across the business.
Increasing sophistication of attack tools
Of course, IT Security has always focused on protecting information infrastructures with the latest software and anti-virus tools – highlighted by last year's WannaCry ransomware epidemic. Such an approach, however, is no longer enough to protect businesses from the latest threats. Cyber-criminals have an increasing number of complex hacking tools at their disposal, such as exploit kits and database hacking software. As a result, businesses are willing to pay a premium for the few security experts they do hire into their organisation, with the research unveiling a four percent annual increase in salary for permanent IT security professionals.
The Internet of Things (IoT) ramping up cyber-risk
The number of connected devices is predicted to grow to over 20 billion by 2020, and in response, organisations are paying more to attract and retain the specialist skills needed to take advantage of the growing trend and develop new applications – Big Data professionals typically now command salaries of £70,000+. However, employers must also ensure they are securing the vast amounts of data moving through their networks as a result of IoT. Bringing in a combination of short-term contractors and permanent IT security hires will mean that both immediate gaps can be plugged, and that the entire organisation can be equipped with the vital skills it needs to defend itself against the vulnerabilities of IoT development from the start.
Conquering risk, not just regulation
IT Security staff, who have long been focused on digital protection alone, must now consider the wider business implications. With regulations coming into force this year such as GDPR, compliance has become a key boardroom issue. Of course, new regulations bring new challenges. Companies will have to improve their processes for reporting data breaches and justify how they collect and store data in order to comply with the regulation. With implementation now less than 100 days away, businesses are turning to contractors to plug short-term gaps. While this may be an effective immediate solution, they must not forget the longer-term view. Maintaining compliance with GDPR is not a one-off, and organisations must ensure that they have the necessary security resources in place to remain compliant for the coming years.
Increasingly, businesses are recognising that defending against cyber-attack is simply too important to be the responsibility of the IT department alone. Every individual within an organisation must now be security literate, whether they're in a technical or non-technical role. Ever more sophisticated hacks, the emerging IoT trend and increased regulation are transforming the way that organisations work, putting cyber-defence on everyone's radar. This is encouraging employers to upskill their entire workforce. While this is a necessary step, as cyber-threats become ever more sophisticated, companies shouldn't rest on their laurels and should instead make sure that they have the right talent and provisions in place to bolster their defence, both in the short and long term.
Martin Ewings, Director of Specialist Markets, Experis
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.