Current Cyber Security Status
In December 2018, Forbes published an article predicting what cyber security would look like in 2019. With cases such as Media Prima being hit by ransomware and Marriott Hotel’s series of data breaches, one can easily see how important cyber security will be in the future.
The evolution of Security Skills
Today, security is top of mind for many companies, especially in this digitally driven era. Many companies rely on technology to run their businesses. Cyber security skills have evolved from “good to have” to “must have”.
Security is a growing Business Imperative
As companies invest more in technology, the importance of cyber security grows with it. To put it another way, the more convenience a technology brings, the more vulnerable it will be. Companies that have invested heavily in technology know this and are therefore starting to treat cyber security as a standalone discipline and a high-priority objective.
New training is needed to close skill gaps
With companies’ increasing awareness of cyber security, the demand for skilled cyber security professionals is increasing exponentially, with an estimated 37% per year growth in job demand. Some companies compensate for the lack of supply by partnering with cyber security firms or upskilling their existing workforce. 60% of companies send their workforce for cyber security training and 48% of them pursue certifications.
Security skills need to be deep and wide
For many of these companies (between 18% and 32%), knowing is not enough. These companies expect a wide range of skills from their cyber security professionals. They expect a significant improvement on their existing security expertise, and their new security goal is not to be impenetrable but to proactively find cracks in their armour before attackers discover them.
Building a Culture of Cyber Security
Having a professional cyber security expert is not enough; it takes more than that to protect a company. As Warren Buffett said, cyber security is the number one issue facing humanity. Cyber security is therefore not just IT’s problem; it is an executive-level problem. Uber, Target, Equifax and Dyn are just some of the names that have been affected by cyber attacks. Companies therefore need to build a corporate culture that takes cyber security seriously.
There are a few principles to follow in order to build a cyber security culture in your company.
Principle 1: Integrate Cyber Security into your business strategy
A company’s leaders should measure the value of cyber security accurately, and that message needs to be conveyed to everyone in the company. Keeping the company safe from cyber attacks should be part of its mission and vision. As you probably know by now, it is impossible to have an impenetrable network; the only thing one can do is make sure everyone knows about the importance of cyber security and practises the steps to prevent attacks. As good examples, J.P. Morgan Chase, a finance powerhouse, doubled its cyber security budget to half a billion dollars, and Microsoft plans to invest $1 billion annually in cyber security research and development.
Principle 2: Your corporate culture should reinforce a culture of cyber security
Many companies are starting to appoint a CISO (Chief Information Security Officer). Previously, the CISO reported to the Chief Information Officer (CIO), but now the CISO reports directly to the CEO in order to improve efficiency. That is because the CIO’s main focus is usually on efficiency and accessibility, whilst the CISO’s main focus is to identify security vulnerabilities. Booz Allen Hamilton, a military and business management consulting firm, even has its CIO report to the CISO in order to show the importance of cyber security.
Principle 3: Your employees are your biggest risks
Believe it or not, research shows that IT employees are actually the people most likely to engage in cyber security risk. This shows that training for every employee who has access to the network is crucial. Even the most basic anti-phishing program will bring a 7-fold return on investment for the company. So never underestimate training for your employees, and don’t limit it to your IT staff; it should be a compulsory course for all employees who have access to your network.
Principle 4: Detect, Detect, Detect
It is important to know that detecting is more efficient than preventing. Many companies focus more on preventing than on detecting. Yes, prevention is crucial, but detection is important as well. It is advisable to conduct penetration testing (pentest) frequently to discover security vulnerabilities. Only then can one know what is wrong and what will go wrong. Pentesting is considered white-hat hacking, that is, hacking a system legally. A very famous exercise for conducting a pentest is the “red/blue team” exercise. The red team consists of the pentest experts, whilst the blue team does its best to detect and defend.
Principle 5: Collect what you need, share only what you have to
Oftentimes, data breaches happen at businesses that had no need for the data in the first place. It’s like keeping something you don’t need that might bring you trouble. Managers often give orders to collect as much data as possible without knowing exactly how to use that data, or how to use it the right way. Sharing data is also a problem leaders need to take serious action on. Data shared online is the easiest to breach, since it is up there for anyone to grab. Sharing only what is necessary is therefore also something a company needs to incorporate into its culture.
All in all, human factors are the weakest point in cyber security. It’s that one simple click on a link that results in catastrophic disasters. It is therefore crucial for a company’s leader to send the message to the whole company that cyber security is one of the company’s major focuses and should be taken seriously. The right training for the right users is important as well, so that each and every one of them knows their role in protecting the company’s security.