The global spend on cybersecurity products and services will eclipse $1 trillion in the five-year period between 2017 and 2021, according to a market report published by Cybersecurity Ventures. Unable to keep up with the dramatic rise in cyber-crime and the heightened focus on cybersecurity throughout the coronavirus pandemic, IT analysts struggled to accurately gauge the value of this vital industry until only recently.
It's clear business leaders take the need to fortify their systems seriously. Indeed, almost 70% of businesses are reported to increase cybersecurity spending following the coronavirus crisis. This is a great start. But allocating budget for the mounting threats posed by black-hat hackers, digital criminals and other troublemakers will not solely help a business to modernize safely.
The saying goes: ‘the time to fix the roof is when the sun is shining’, and unfortunately for IT management teams, it’s pouring right now. But now is the time to review your information security policy and any other guidelines you have set around remote work and access to company systems, to ensure quick fixes don’t become long-term crutches. This is the time to establish a robust cybersecurity strategy.
Invest in comprehensive cybersecurity planning
Most companies tend to have one team responsible for most or all cybersecurity matters. Some organizations place these duties with the CIO. Others look to a CISO or chief data officer. It would be ineffective to allow each business unit to determine its own cybersecurity path, especially when sharing data across the enterprise, as a universal plan to maximize the security posture offers greater protection. As companies increasingly migrate to cloud services and start sharing more information, any silos become increasingly clear and the demand for a universal plan to maximize the security posture of the business becomes critical.
There are countless avenues hackers take into networks, from stealing identities to penetrating poorly defended endpoint devices, such as network printers and computers. People also unwittingly make mistakes by clicking on the wrong things, sharing passwords or a host of any other activities that leave networks vulnerable to attack.
Investing in cybersecurity technologies, tools and training – without cutting costs – is utterly crucial for both employees and the business itself. With cybersecurity, actual attacks often cost far more than an investment in prevention programs or the critical hardware and software needed to protect IT infrastructure.
Address the cybersecurity talent shortage
More efforts are needed to bring new cyber security talent into business. This will be a difficult task given the fact there are expected to be 1.8 million unfilled cybersecurity posts across the private and public sectors by 2022. Demand for cyber skills has grown exponentially. With attack volumes and sophistication growing year on year, increasing IT complexity and even the role itself expanding, supplying enough candidates is a Sisyphean task.
But that doesn't mean finding talent is impossible. The industry needs investment, across age and experience levels. We also need to find more immediate solutions. That means upskilling those in adjacent roles and alongside this, investing in the tech to reduce the burden on an already over-stretched talent pool. Embracing new channels and unconventional strategies can also alleviate the workforce gap. It could even involve developing talent at a college level through mentorships, internships, and diversity programs.
When we leverage resources and human capital in meaningful ways, the threat of cyberattack becomes a problem that business leaders can, in fact, stay ahead of.
Forge cybersecurity alliances
Organizations must understand it's not necessary to address cybersecurity challenges alone. Technology vendors have forged cybersecurity alliances among themselves for years to address specific issues affecting them all.
Together, business leaders must step forward and take the reins to drive consistent and dramatic change at all levels within an organization. It's the only way to achieve the IT infrastructure modern times demand. As current events have dictated, solid planning can produce secure and real results.
- Michael Howard, Head of Security and Analytics Practice, HP Inc.
- Connect securely at work with the best business VPN.