Perfect Storm to Cyber Pandemic
Great change often brings great uncertainty.
The recent past has shown us how the
digital revolution, from cloud computing and 5G to artificial intelligence and
augmented/virtual reality, can disrupt as well as develop the business
And then came the pandemic.
According to one study by a security company, 47% of people admitted to interacting with a malicious communication attempt while working from home during the pandemic, compared to 43% in the office.
The ENISA 2021 Threat Landscape report lists the top threats as Ransomware, Malware, and Cryptojacking – all vectors that regularly employ some element of human targeting as part of their attack structure.
The cyber criminals are preying on the uncertainty generated by pandemic conditions, leveraging the very digital tools and services on which we have come to rely to cope with the public health measures.
This combination of circumstances has meant that cyber security professionals are stretched as never before in providing the basic protections to ensure that workers have adequate safeguards, risks are mitigated and awareness is spread of how to work safely.
According to a study by the Chartered Institute of Information Security, more than half (51%) of cybersecurity professionals are kept up at night by the stress of the job and work challenges. The 2020/21 State of the Profession report found that almost half (47%) of information security professionals are working more than 41 hours a week, with some reporting up to 90.
While the ISC2 report does show a decrease in the global workforce shortage for the second consecutive year, down from 3.12 million to 2.72 million people, the trend is not enough to alleviate the immediate issue of a shortage of skills.
The outlook then is one of a perfect storm - a potential cyber epidemic - increasing demand for digital transformation, an accelerated pace of technological change, a shortage of cyber security skills and a global adjustment to new ways of working in the post pandemic world that must yet plan for new disruptions, be that the next pandemic of something else, as yet unknown, all in the context of increasing sophistication, organisation and opportunism by cyber criminals and nation states.
Some in the cyber security world have strongly argued that new ways to approach cyber security must be developed to address these various issues and concerns. A risk-based approach, encompassing techniques such as threat modelling, can allow organisations to understand their own risk profile, develop an appropriate risk mitigation programme and assign scarce resources to achieve the greatest effectiveness.
Cyber risk needs to be thought of on a strategic level. Taking a leadership approach, from the CEO, CIO and CISO, cyber risk needs to be aligned to business risk, informing business strategy.
This approach, much like previous conversations in business to align business and IT strategies, requires examination and self discovery for each organisation to fully understand what it means and what needs to be done. However, certain organisations have already begun this journey and are enjoying the benefits.
The shared experience of peers, sectors and markets has been invaluable in the past to allow organisations to fully understand the impact of these kinds of changes. Senior information and cyber security professionals coming together and sharing experiences and insights, in an appropriate forum, provides the kind of support that will be vital to combat rising tide of cyber threats. It takes a community to defeat the community of underground, avaricious cyber criminals.
Taking a new approach to the current situation, the EU Cyber Threat Summit will provide at its heart this year, a round table session allowing Ireland’s top cyber security professionals and C Suite officers the opportunity to share and discuss their experiences in the pandemic, and their plans to transition to hybrid working and the evolving threat landscape.
Facilitated by a moderator and informed by industry experts, the session will encourage all participants to share and explore the recent experiences with observations, allowing everyone to understand what has worked and what has struggled, and how the community can come together to provide support.
The perfect storm, that could lead to a cyber pandemic, need not be so mesmerising as to dazzle professionals into paralysis. Understanding how peers, professionals and sectors are tackling the same challenges across the board, in a secure, supported forum is a proven means of ensuring that everyone has the information and expertise necessary to make the hard decisions and provide the protections needed for each organisation.