Organisations generate millions of system logs every day from the likes of servers, firewalls and network devices. Their ability to process, analyse and react to this information affects how they will manage any security risks and incidents. To help process this data, many organisations implement a Security Incident and Event Management (SIEM) system or outsource to a Cyber Security Operations Centre (CSOC) for their monitoring, which provides a real-time analysis of security alerts.
By 2019, 1 to 2 million roles within cyber security will be unfulfilled. That's a figure that should strike fear into the heart of even the most stoic of business people. The threat of cyberattacks is growing quickly, and there aren't enough skilled people in place to control the wildfire.
This global cyber security skills crisis isn't exactly a new problem, though. Over the last 2 years, 40% of cyber security roles remained unfulfilled, despite an increase in job postings of over 74%. This is a problem, then, that's been smouldering in the background for a long time, and consequently now has the potential to create some serious destruction.
Although there is a growing understanding of how vital cyber security is, organisations still don't necessarily understand exactly how fundamental it is to the success of their companies. Just look at cyber security budgets, which usually account for only 25-30% of an organisation's total IT spend (according to the IDC.)
With the number of attacks only growing, this is clearly not enough money. Every time a company gives an employee a take-home device, they're exposing themselves to a lot more than 25-30% of the total security threats!
Even if there were enough people applying for cyber security roles, the relatively meagre budget allocated to cyber security by most organisations still wouldn't be sufficient to hire all the cyber security professionals they need.
What with the lack of applicants and budget allocation, many companies are now choosing to outsource their cyber security teams. By the time we get to 2020, it's likely that most organisations won't have their own in-house cyber security skills.
For most companies, the best way to plug the cyber security skills gap is to call in organisations that offer an offsite security service. Even better, they can call in an organisation which provides the cyber security element on top of other useful offerings, like network and virtual data centre services (conveniently).
Going this route is making organisations' total IT spend more efficient.
This is because you don't have to invest in the infrastructure. By outsourcing, you can be flexible with the scope of the estate. You are also going to get better quality responses from analysts because they are keen to make sure you want to maintain the service.
These analysts add an extra dimension to the organisation – you don't have to hire them but they're there. To cut a long story short, if and when the big alarm goes off (and something goes wrong), there's always someone there to help fix it. An outsourced security team is probably going to give your organisation a lot more value than the 25-30% you're currently spending on your IT budgets – their expertise will really give you more bang for your buck.
And crucially, you can switch this service on and off as you wish. The job of a Cyber Security Operations Centre (CSOC) is to be there to protect what really matters - when it matters.
Anyone can buy the tools to offer a cybersecurity service. You can buy a firewall quite easily - just pop onto the internet and order one. But the value lies in knowing what the output means – and which next steps to take. Your recently purchased firewall isn't going to do you much good if you don't know what it's telling you. Therefore, most organisations need to bring in expert cyber security monitoring and advisement in order to get the best use out of their technology. And who wouldn't want to do a better job whilst saving money?
The GDPR deadline day of 25th May has been and gone, but sticking to the legislation remains as important as ever. This is because GDPR is, in fact, not something that can just be 'done'; instead, it is ongoing and needs to be constantly changed and updated. The onus is on housing associations to comply with GDPR not just today, but in six months, a year, two years, and beyond.
Cyber security is more complex now than ever before, and the implications of a cyber-attack can be much more disastrous. Organisations must consider not only the financial implications but the reputational damage that can arise following an attack. The proliferation of social platforms and the increasing needs of regulation, mean that security breaches can be publicised across the globe within minutes. Whilst the cost of launching a cyber-attack has reduced over the last few years, the cost of defence has risen. This is because there's a greater variety of attack vectors – means by which an attacker can gain access to your network. The methods deployed are so vast, compared to previously, that it makes it increasingly difficult to build an effective defence against. Highly sophisticated cyber-attacks are also using automation techniques to maximise their damage, to the extent where one piece of code can be used many thousands of times.
As the Financial Services (FS) industry continues to adopt and leverage digital technologies to innovate and deliver customer-centric outcomes, there is also a major focus on inward change, on improving employee experience through streamlining, simplifying and consolidating platforms, infrastructure and processes. Of course, Digital Transformation comes with an abundance of risks. Some of these are already widely recognised and covered by the mainstream media, some are newly emerging, and others are as yet unknown.