The Cyber Security Talent Shortage and What CEOs Should Be Aware Of

By David Bridges, President of CompuVision

The global marketplace went digital decades ago, ensuring that doing business online became a prerequisite for being in business at all. Companies underwent a fundamental shift in outlook as soon as boundaries imposed by geographic location were rendered powerless by the infinite potential offered by the Internet. The future arrived fast, and businesses had to act accordingly; the ability to adapt became more important than ever before, and those that did not read the moment correctly were destined to fail in this emerging market.

The overall cost of data breaches in 2019 was predicted to be $2.1 trillion globally, which is a staggering four times the amount of damage inflicted in 2015. This data points toward lack of knowledge, skill and, most importantly, the lack of a workforce capable to stem the rising challenges that being always online brings to the table.

Recent inquiry by the Identity Theft Resource Center took special care to showcase the impact a damaged relationship can have on the very possibility of continuing to provide service to jaded customers in the future. No amount of damage control can repair a fundamentally broken relationship. It is essential that any organization has the cyber security tools, and the talent, to prevent these breaches and maintain privacy and integrity.

A veteran IT company such as IBM has tried to curb the talent shortage by creating a new type of worker, the “new collar” cybersecurity employees. Recognizing that no degree can replace proper analytical skill and a passion for problem solving, they moved towards the jobs of tomorrow and of today, positions heavily reliant on lifelong learning. The question this approach answers is: why wait? Recruiters’ jobs are to recognize a predisposition for risk assessment and develop an impromptu curriculum that runs simultaneously with workplace tasks. Nothing discourages the prospective intruders more than knowing that the other side may be ready for them.

While the need for continuous education of the workforce cannot be stressed enough, what about the knowledge of a CEO? Running a successful tech company is a business, after all – and one does not need to be a cybersecurity expert to obtain market success. However, knowing what it’s like in the trenches, where new procedures are developed to counter risks that the present and future bring is no longer desirable: it’s necessary. Risk management became a key factor when steering a company forward, and developing a plan runs in parallel with the ability to constantly (self)improve. The knowledge obtained this way forms an invaluable database from which we can identify – and define – potential liabilities and the advantages that can be gained should they be successfully countered.

Key Points to Take into Account when Improving the Cyber Security of Your Business

• Receive a third party audit to obtain a fresh perspective on your daily operations.

• Utilize machine learning to apply an AI-based antivirus software.

• Train your staff, then train them again – because awareness can never be raised high enough.

• Realize that backup is never a waste of time; lack of it can lead to a colossal loss.

• Gear up for disaster by recognizing the procedural errors that lead up to it – prevent the blackmail from ransomware groups.

When cyber security talent can’t be found in-house, having a third party provider to augment the staff skillset is a favorable choice. Audits that find weaknesses and troubleshoot legacy systems for potential vulnerabilities can help a CEO sleep more soundly at night. This is done through smart integration of the latest technologies into a company’s daily schedule. By looking inward, you’ll likely find you already have a savvy team who can help, or quickly learn how, to adapt to using new technologies. However, this insight does not come easily, as we’re often blindsided by routine and as a result, it’s not easy to pull off a paradigm shift.

Therefore it’s always useful to take a step back from what you’ve been closely working on and get an extra set of eyes to review your work and your team; they’ll likely be able to see vulnerabilities more quickly, and can create long-term changes in order to better utilize the talent and technology presented before them. Starting a conversation with the third party team is the first and the most crucial step to take – open debate will act as a much needed analysis of a business’ mindset, but more importantly, it will define any conflicting agendas and outline the true purpose of the current moment. Future steps are only made possible after the present issues are properly charted out.

Software is often viewed primarily as a risk-prone digital property – something that needs to be protected. This is a great disservice to its potential, since the advancements in AI and the concurrent development of sophisticated antivirus programs created an opportunity for a company to have a line of defense that is tailor-made to its purpose. A generalized security procedure will cover only the most common types of malware, remaining wide open to those designed so as to remain inconspicuous; machine learning has made sure that this, too is kept in mind of the defenders’ system.

Attack can be the best defensive play you have, and in the recent years, software giants such as Microsoft have introduced AI-driven malware analysis to their customer base. Advanced tech protection can not only recognize early signs of a virus taking hold, but can be a deterrent to the dreaded zero-day exploits, worst nightmare of any system administrator. These advancements in software design mean that the program can independently look for an infection pattern, and set the necessary procedures in place, even creating new ones as the need arises. This way malware is not only quarantined – it’s trapped in a classroom where it can be used as an educational tool from which the computer can predict future threat forms.

Upholding the daily routine can serve to instill value within employees, now sharing a common goal regardless of their work description. The drills that can be put in place are not aimed at general public; they represent the inner workings of a company, something that will be sensed by customers, no matter how successful its marketing campaigns are. It need not be equated with strict discipline that puts a burden on creativity, but with a measured weight of responsibility that everyone can share together.

The need – the necessity – of backup is the advice given when it’s already too late. It’s the maxim most people learn the hard way, and many are doomed to repeat it. First and foremost, it is the healthiest form of paranoia available in the digital space; assuring that each part of the plan is compartmentalized in secure segments that can be reverted to in case something goes wrong. It is a monumental time saver that many companies that went out of business did not have time to do. It can be done on physical media, it can put your data on the cloud, and it’s best to use every option on offer. Most importantly, backup is a state of mind that will be a cushion when our best-laid plans go wrong; and they will, and often.

Understanding how prone a business is to these threats mirrors the CEO’s cyber awareness. Realizing how a disaster may strike means not only anticipating the route it takes, but also taking steps that will minimize the damage potential. Ransomware usually goes for a company’s intellectual property, encrypting it and setting up a deletion date – unless a cryptocurrency fee is paid. For a business that did not protect its files in advance, where no backup procedure has been implemented in time, this may well be the only choice. It is a failure that ties together each previously discussed aspect of digital security: lack of fresh perspective, running of dated apps and drills, and a CEO’s unwillingness to lead by example.

Preventing a compound fracture that breaks down your company structure means being in tune with its daily operations, and having faith in the capability of its departments to work in sync; each day, another aspect of entropy may be prevented. Software is exact, but humans are fallible; there is nothing as beneficial to a more secure future as improving upon an earnest mistake.

Audio Version

Female Voice Audio