Cybersecurity: When Failure Isn’t an Option

The impact of COVID-19 on the cyber security industry has been severe, and the list of effects so far is by no means exhaustive. With businesses moving to hybrid and remote models of working, the Cloud is growing. However, with the Cloud growing, cyber security threats are following suit. The WEF has listed cyber security failure as a critical threat in the next 0-5 years. So what exactly is happening, what are organizations doing to combat this, and what does this mean for the industry?

It’s no secret that cyber security threats increased in 2021. In the Malwarebytes 2022 Threat Review, any dips were seen in malware and email threat detections (for both Windows and Mac) during 2020 were rebounded and surpassed in 2021. It’s a phenomenon that’s been dubbed the ‘COVID bounce’. In addition, a NetScout report announced that there were 9.7m DDoS attacks in 2021. The statistics are clear: the threat is current, and the move to cloud-based technology solutions has played its part. A Gartner 2022 report lists ‘attack surface expansion’ as one of the key cyber security trends to watch out for in 2022. Put simply, with so many more digital assets and platforms, including cloud applications, businesses have expanded the possible avenues and become much more vulnerable to cyber-attacks as a consequence.

Jeremy Fleming, Director of GCHQ, claims that recent global events, including COVID-19 and the Russian attack on Ukraine, have exposed how vulnerable we are, and identified gaps in national cyber security strategies. The Cybersecurity and Infrastructure Security Agency (CISA) made up of the US, UK, Australia, Canada and New Zealand, has issued stark warnings about the threat to businesses and national critical infrastructure from nation-state actors. President Biden has even announced an 11 percent increase for cyber security in the US FY23 budget and his Software Bill of Materials aims to bolster the use of zero trust in the US software supply chain. These all show how cybersecurity has moved not just up the agenda but onto the itineraries of national leaders, and that technology is a vital part of our everyday lives, jobs, businesses, and the economy. To be able to harness digital acceleration safely, we need to invest in cyber security.

To put this into perspective even further, the Cloud Security Alliance (CSA) has launched the Countdown to Y2Q calendar. They’ve declared April 14th 2030 to be the day when a quantum computer will be able to break present-day cyber security infrastructure, otherwise known as the countdown to quantum destruction. It sounds dramatic, but the reason the CSA has created the calendar is to serve as a stark reminder to organizations that the threat is real. If we don’t invest in cyber security now, we risk becoming victims of our own design.

Organizations can take action, however, and some have already. Some of the giants of cloud technology have acquired cyber security businesses in the last 12 months, suggesting they intend to significantly expand into this area. Microsoft acquired CloudKnox Security (Cloud Infrastructure Entitlement Management technology) and RiskIQ (cyber threat intelligence and external attack surface management) in 2021, to join Microsoft Azure. Amazon Web Services (AWS) acquired Wickr, an encrypted communication technology service. Google have also just finished the acquisition of Mandiant (threat intelligence), for implementation into their Google Cloud service. These are all huge investments, both in monetary terms and in terms of sentiment, into the cyber security industry. They are setting an example for other organizations that dealing with current and imminent threats should be a priority.

In the March 2022 Moody’s report on global cyber security, there was annual growth in investment but gaps in preparedness. They also found that there were a high number of organisations, mostly public sector, that don’t have cyber security as a budget line item within their IT/Tech budget. Organisations with cyber security as a budget line item had typically made, and sustained, larger investments in cyber security. The report also found that cyber security had a higher budget and allocation of resources when the reporting structure within an organisation allowed for closeness between cyber security managers and the executive suite. If businesses want to invest in and prioritise cyber security, they should identify it as a standalone item within their IT budgets, and create more direct lines of communication between their cyber security managers and the upper tiers of their organisation.

Cyber security professionals are already in demand, with an annual shortfall of 14,000 staff in the UK alone, according to the latest report from the Department for Culture, Media and Sport (DCMS). The upward trend in prioritisation and investment in cyber security worldwide is encouraging. However, public and private organisations may find themselves with all the tools and no one to wield them. Some programmes are already in place to encourage people to start a career in cyber security, such as the CyberFirst programme in the UK and the UK Cyber Security Council is devising career pathways in a framework that should help professionals to develop their careers. Organisations are being encouraged to create better work environments and clear career pathways to retain security staff and support them into senior positions, but will this be enough?

Going forward, it’s clear there has to be an emphasis on people, process and technology and that we need to invest in all three in order to create effective cybersecurity. For cybersecurity, despite the current economic uncertainties, is not something any of us can afford to compromise on. 

Jamal Elmellas

Jamal Elmellas is Chief Operating Officer for Focus-on-Security, the cyber security recruitment agency, where he oversees selection and recruitment services. He previously founded and was CTO of a successful security consultancy where he delivered secure ICT services for government and private sector organisations. Jamal has almost 20 years’ experience in the field and is an ex CLAS consultant, Cisco and Checkpoint certified practitioner.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...