The lack of talent in cybersecurity increases the digital risks that companies are exposed to; is your company prepared?
- Qualified talent is essential to boost the cybersecurity sector
- Cybersecurity specialists can come from different academic disciplines; they don’t need to be engineers or systems experts
- Taking care of cybersecurity has become a key factor in brand reputation and user confidence
In 2017 alone, the CNN-CERT (Spanish Acronym for “Incident Response Centre of the National Cryptological Centre” at the CNI) dealt with 26,500 cyber incidents, which meant a 26.55% increase from 2016. This increase reflects the delicate situation in which companies find themselves and the pressure to protect both public and private entities from these types of online threats.
The cost of cybersecurity is increasing exponentially for companies. The rise of “cybercrime as a service” and the increase in hacking tools and services that were previously only accessible to a few have blurred the profile of the classic cybercriminal making it possible for virtually anyone, attracted by the high economic return and ease of cyberattacks, to have access to them. To make matters worse, the lack of qualified candidates in IT security is added to this situation. Companies are exposed to more risks since their control and response capacity is limited.
On February 20 we held an exclusive Cybersecurity breakfast event, and we had the pleasure of having Adolfo Hernández, deputy director and cofounder of THIBER, a cybersecurity think-tank research centre specialized in cyberspace protection, and Head of Advanced Cyber Defence at Sabadell Bank.
We focused on the topic of “How to make the most of the digital economy by managing corporate digital risks”. The conclusions we drew have defined the main trends and the challenges of the cybersecurity sector today:
- Identify, attract and retain talent
One of the main challenges for companies when tackling cybersecurity threats is to first be able to identify, attract and retain talent. According to Adolfo Hernández, Spain is a specialized talent powerhouse in this area and has become a leading destination for cybersecurity offshoring. This is demonstrated by the creation of different cybersecurity hubs in large multinational companies and the existence of a growing regional business network that offers quality services at competitive prices.
According to a study by ISC2 (International Information System Security Certification Consortium), by 2022 there will be a shortage of 350,000 cybersecurity professionals in Europe. It has been stressed that extensive prior technical experience should not be a barrier to entry. In fact, not all cybersecurity profiles have to be engineers; other figures such as political scientists and criminologists are also required to help understand the motivation, economic model and profiles behind cyberattacks.
- Confidence in CYBERSECURITY
Cybercrime is the fastest growing crime and has a huge impact on consumer confidence in the digital market, as Adolfo Hernández explained to us. Cybersecurity has become an essential factor in measuring the confidence consumers have in a company. The news that Moody’s is already studying how to build the cyber risk that a company has into business credit ratings is really driving home the fact that a cyberattack goes beyond being an economic problem; it can become a serious reputational problem.
- Hyperconnectivity and Cybersecurity
Hyperconnectivity stands out as one of the biggest obstacles to cybersecurity. The Internet of things means that a cyberattack can affect several devices (mobile phones, Smart TVs, connected vehicles, security cameras…)
The digital population has increased by more than 366 million users in 2019 versus January last year. More than 3.2 billion people are active Internet users who don’t limit themselves to just one device; there are millions of objects connected through the Internet of Things (IoT). Therefore, the more connected we are, the more we are exposed to risks.
- Disparity between those who protect and those who attack
The relationship between the cybersecurity professional and the cyber attacker is significantly imbalanced. Those in charge of protecting companies have to deal with different tasks on a daily basis that have nothing to do with the objective of defending against all possible attacks; such as dealing with audit departments, limited budgets, lack of corporate awareness, lack of specialised talent and regulatory compliance. On the other hand, the only task the attacker has is to find a vulnerability to attack: this is a complete imbalance. At The Valley Talent, we consider it essential that companies have the ability to identify qualified talent and integrate them correctly into their corporate structures. This way, they are better equipped to respond to cyberattacks.
Companies that attract and retain the best talent in this sector will develop cyber capabilities to securely face the digital challenge. The challenges at hand are to make cybercrime less profitable and combating it an even fight.