A major part of my role in recruiting and building my network of senior and middle executive cybersecurity skills involves listening to the views of professionals about the cybersecurity sector: Chief Information Security Officers (CISOs) and senior cybersecurity management, some of whom are looking for their next career challenge, though often these are general conversations about topics affecting the sector.

The prevailing theme emerging from this dialogue is that both businesses and those responsible for cybersecurity are now under greater pressure than ever before. 

According to the UK-focused cybersecurity threat report ‘Extended Enterprise Under Threat’ [1], published in July 2020 by VMware Carbon Black, 98% of respondents said that attack volumes had increased in the last 12 months and 99% had suffered a security breach. The survey also found that the average organisation experienced 2.63 breaches during this time. 99.6% of respondents added that they plan to increase cyber defence spending in the coming year.

In an article published in September 2020, Commsmea quoted Kaspersky’s latest research findings, which highlighted that “2020 is on course to rack up somewhere in the region of 1.5 billion cyberattacks for the year”. The same article also signposted a new report by Security Intelligence, which estimated that the average cost of a data breach stands at a staggering $3.92 million [2].

The New Vaccine

While the numbers make strong headlines, real businesses are suffering. Every day cybercriminals unleash waves of new attacks, attempting to steal data and money and disrupt businesses by holding them to ransom. The cyber threat now involves highly organised groups, with nation states, organised criminals and ‘hacktivists’ investing huge resources in developing their capability. At a time when even the FBI and the White House have accused China of using digital espionage to steal research on the coronavirus vaccine, cybercrime has never been a hotter topic or a bigger concern for businesses.

Respect

The role of the Chief Information Security Officer deserves greater respect. After all, they have the ‘key to the house’, and if any one element of their responsibility is breached, not only can data be stolen, but the company could be blackmailed and the reputation of the firm tarnished irrevocably. The KPMG and REC Job Report for August 2020 has brought cybersecurity skills strongly into focus, ranking them second among the skills in short supply for permanent staff. We believe that there is a strong case for the role of CISOs to be recognised as lynchpins of the organisation with an independent voice on the main board. This will not only ensure a sustained focus on cybersecurity threat at C-Suite level, it will also eradicate potential conflicts of interest and dilution of budgets.

In a recent article in the Wall Street Journal, ‘Security chiefs look to justify cybersecurity costs during business downturn’ [3], Sam Olyaei, a research director at Gartner Inc., commented: “There could be additional strain on cybersecurity spending at companies where security is part of the overall information technology budget. Once the technology budget is cut, cuts to cybersecurity spending will follow.”

I am delighted that within my network of CISOs there are increasing numbers of females who are doing an incredible job in bringing cybersecurity to a wider audience, encouraging diversity in the workplace. It was therefore particularly encouraging to read the report from the National Cyber Security Centre (NCSC) [4] highlighting a surge in applications from female candidates of 60% from 2019. This is great to see but there’s still a long way to go!

Protect

Cybercrime is an enterprise-wide concern. Asking all staff to be vigilant and take responsibility for tackling cybercrime is the first crucial step in protecting the organisation. 

Massachusetts Institute of Technology (MIT) scientists have outlined the security failures that are costing companies the most [5]. Key issues include allowing access to unauthorised ports, failure to prevent malware and ransomware, neglecting to perform proper inventory and control of hardware assets, as well as failing to implement effective log management or to adopt ML/AI-powered automated analysis (to identify security incidents as they happen – or even to predict and prevent them).

The more we can do to put barriers between our organisations and the cybercriminals that threaten them, the better chance we have of preventing financial losses, redundancies and even business closure. From Data Leakage Prevention (DLP) solutions to Unified Endpoint Management (UEM), there are numerous security solutions to protect home workers and sensitive data from exploitation and attack. Identifying the right solutions for the business’s unique needs is best achieved by a cybersecurity professional.

Detect

Identifying and using the right cybersecurity tools is key to success in protecting businesses from the damaging effects of cybercrime. The right tools make it as difficult as possible for hackers to get inside and exploit processes, and they detect instances where there is a vulnerability or a breach.

One of the most common ways that hackers gain access to business systems is via ‘exploits’ that take advantage of code defects. Some of these defects can remain undetected for years before they are patched, so if you don’t update all of your software regularly, from operating systems and browsers to specialised programmes, your networks could be continuously left open to threat.

Connect

At Proxime, we are conscious that your company may now be looking to take the necessary steps to recruit staff with additional cybersecurity skills on a temporary or permanent basis. That’s why we’ve created a network of talented cybersecurity professionals who are ready to assist with your cybersecurity needs, for total peace of mind in difficult times. You’ll be in excellent company; to quote one of my clients: “Working with David is always easy. He’s highly professional and has a great network. I wouldn’t hesitate to work with him in the future”.

When considering something as business-critical as cybersecurity, it’s vital to talk with an expert. Get in touch today to talk about how we can help you enhance your cybersecurity and protect your business and employees from the effects of cybercrime. If you would like to chat through your requirements in confidence, please give me a call on 07770 117906 or email me directly at david.gadd@proximesearch.com

About the Author – Assisted in writing this article by: Brand Workshop Limited & Rowan Martin Copywriting 

David Gadd 

Director of Talent – Cybersecurity 

David Gadd has been involved in Cybersecurity and IT recruitment for over 30 years, both in the UK and in Canada. He thrives on finding the very best opportunities for clients and candidates, as well as connecting professionals through his extensive Cybersecurity and Emerg Tech global network. Throughout his career, David has built a loyal network of cybersecurity professionals across all skillsets, particularly at CISO and senior management level. Therefore, when he is engaged to establish the best person for the role, he leverages his experience, knowledge and relationships. 

David has also completed various specific industry courses including: Understanding Data Protection and Data Security, GDPR Level 2 and ISO 27001:2013 Information Security Management System. 

Citations

[1] VMware. (2020, July 14). VMware Releases Cybersecurity Threat Survey Report Detailing Increased Attack Volume And Breach Levels In The United Kingdom | UK. https://www.vmware.com/uk/company/news/updates/vmware-carbon-black-global-threat-report-release.html

[2] Kelly, C. (2020, September 13). We reveal the biggest data breaches of 2020. https://www.commsmea.com/business/trends/22392-we-reveal-the-biggest-data-breaches-of-2020

[3] Stupp, C. (2020, May 12). Security Chiefs Look to Justify Cybersecurity Costs During Business Downturn. https://www.wsj.com/articles/security-chiefs-look-to-justify-cybersecurity-costs-during-business-downturn-11589275802

[4] Girls just wanna have fun-damental cyber security knowledge. (2020, September 4). https://www.ncsc.gov.uk/news/girls-just-wanna-have-fundamental-cyber-security-knowledge

[5] Zorz, Z. (2020, September 3). Which cybersecurity failures cost companies the most and which defenses have the highest ROI? https://www.helpnetsecurity.com/2020/09/03/cost-cybersecurity-failures/