Perfect Storm to Cyber Pandemic

"Is the current perfect storm of change amid the digital tide and the public health response building to another kind of pandemic?"

Great change often brings great uncertainty.

The recent past has shown us how the digital revolution, from cloud computing and 5G to artificial intelligence and augmented/virtual reality, can disrupt as well as develop the business landscape.

Added to this is the pace of technological change, and organisations can be forgiven for feeling somewhat overwhelmed. This digital revolution is not exclusive to the business world; it extends to the world of cyber crime too. New tools, attacks and threat vectors are emerging all the time, adding to the general level of uncertainty and doubt in the digital world.

And then came the pandemic.

To add to the struggle already underway for many businesses trying to transform digitally, new threats and new threat actors have been detected as criminals take advantage of the global health crisis. Outside of the usual protections, many agencies have documented new levels of vulnerability combined with an increased level of cyber threat and attack as people worked from home. As many who moved outside of the office for the first time were unfamiliar with best practice, awareness of threats and malicious actions was often harder to maintain.

According to one study by a security company, 47% of people admitted to interacting with a malicious communication attempt while working from home during the pandemic, compared to 43% in the office.

The ENISA 2021 Threat Landscape report lists the top threats as Ransomware, Malware, and Cryptojacking – all vectors that regularly employ some element of human targeting as part of their attack structure.

The cyber criminals are preying on the uncertainty generated by pandemic conditions, leveraging the very digital tools and services on which we have come to rely to cope with the public health measures.

This combination of circumstances has meant that cyber security professionals are stretched as never before in providing the basic protections to ensure that workers have adequate safeguards, risks are mitigated and awareness is spread of how to work safely.

According to a study by the Chartered Institute of Information Security, more than half (51%) of cybersecurity professionals are kept up at night by the stress of the job and work challenges. The 2020/21 State of the Profession report found that almost half (47%) of information security professionals are working more than 41 hours a week, with some reporting up to 90.

This situation is further exacerbated by the fact that even before the pandemic, there was a critical shortage of cyber security professionals across the globe. The ISC2 annual report for 2021 estimates that Ireland has some 15,000 cyber security professionals, but needs 10,000 more to meet the rising demand for information security skills.

While the ISC2 report does show a decrease in the global workforce shortage for the second consecutive year, down from 3.12 million to 2.72 million people, the trend is not enough to alleviate the immediate issue of a shortage of skills.

The outlook then is one of a perfect storm, a potential cyber epidemic: increasing demand for digital transformation, an accelerated pace of technological change, a shortage of cyber security skills and a global adjustment to new ways of working in the post-pandemic world that must yet plan for new disruptions, be that the next pandemic or something else, as yet unknown, all in the context of increasing sophistication, organisation and opportunism by cyber criminals and nation states.

Some in the cyber security world have strongly argued that new ways to approach cyber security must be developed to address these various issues and concerns. A risk-based approach, encompassing techniques such as threat modelling, can allow organisations to understand their own risk profile, develop an appropriate risk mitigation programme and assign scarce resources to achieve the greatest effectiveness.

Cyber risk needs to be thought of on a strategic level. Taking a leadership approach, from the CEO, CIO and CISO, cyber risk needs to be aligned to business risk, informing business strategy.

This approach, much like previous conversations in business to align business and IT strategies, requires examination and self-discovery for each organisation to fully understand what it means and what needs to be done. However, certain organisations have already begun this journey and are enjoying the benefits.

The shared experience of peers, sectors and markets has been invaluable in the past to allow organisations to fully understand the impact of these kinds of changes. Senior information and cyber security professionals coming together and sharing experiences and insights, in an appropriate forum, provides the kind of support that will be vital to combat the rising tide of cyber threats. It takes a community to defeat the community of underground, avaricious cyber criminals.

Taking a new approach to the current situation, the EU Cyber Threat Summit will this year provide, at its heart, a round table session allowing Ireland’s top cyber security professionals and C-suite officers the opportunity to share and discuss their experiences in the pandemic, and their plans to transition to hybrid working and the evolving threat landscape.

Facilitated by a moderator and informed by industry experts, the session will encourage all participants to share and explore their recent experiences and observations, allowing everyone to understand what has worked and what has struggled, and how the community can come together to provide support.

The perfect storm that could lead to a cyber pandemic need not be so mesmerising as to dazzle professionals into paralysis. Understanding how peers, professionals and sectors are tackling the same challenges across the board, in a secure, supported forum, is a proven means of ensuring that everyone has the information and expertise necessary to make the hard decisions and provide the protections needed for each organisation.

Join us on 30 November at the Convention Centre Dublin where 10 speakers and more than 200 delegates will engage in a one-day programme centred around the roundtable.

Paul Hearns is an author, journalist and presenter with more than two decades' experience.