DEV Community

Salvietta150x40
Salvietta150x40

Posted on • Edited on • Originally published at ma-no.org

What Cybersecurity Professionals Have Learned From The Lockdown Experience

https://www.ma-no.org/en/security/what-cybersecurity-professionals-have-learned-from-the-lockdown-experience

The COVID-19 pandemic has radically changed the rules of the game for most companies and individuals in a very short time; it has also changed the international computing universe. Sudden changes in people's habits as well as in business operations have altered some of the elements that characterize cyber-risk. And this change has been recognised by cybercriminals, who have adapted to the situation by taking advantage of new opportunities.

The health crisis has highlighted widespread deficiencies in cybersecurity. The rush to implement teleworking, the multiplication of virtual interactions and an almost 50% increase in cybercrime during the pandemic have surprised a business network that was already distrustful of its resources to deal with new computer threats, according to the study 'State of Enterprise Secure Access' by IDG Connect and Pulse Secure.

Bitdefender says that globally, attacks targeting the supply chain, Internet of Things related attacks and cyber warfare actions have increased by 38% in each category during this period. Precisely for this reason it is not an exaggeration to say that cyber attacks are one of the most serious risks facing humanity in this 'new normal'.

The human factor, the weakest component

Imagine what could happen if all the traffic lights in a metropolis suddenly went out, the lifts stopped and the ambulances could no longer be directed to the right place to recover the injured. What's more, a cyber attack can deal a deadly blow to a company's credibility, it could even destabilise the stock market, block the gas supply or the municipal waste cycle. The resulting political and social scenario would be dramatic.

Almost always, the weak link in cybersecurity is the human factor, which represents the most unpredictable vulnerability of any computer system. It is the people who "sting" in a phishing or whaling campaign, who use the cat's name as a password, or who leave their children's mobile phone with which they access the company's network. These people are the first to open the door to cybercriminals.

And this is what the rapid migration towards the virtual and the cloud that the coronavirus crisis has led to has shown: there is a lack of contingency plans, monitoring and updated action protocols in the security systems that were used in extraordinary situations.

Since 2013, the European Commission and the EU High Representative have been calling on member countries to invest in digital literacy to educate citizens about safe use of the web. At the same time, from a professional point of view, trained specialists are needed to prevent, tackle and resolve any problems or emergencies that may arise in the field of IT security. In fact, one of the main reasons for the success of cyber-attacks is precisely the lack of adequately qualified professionals.

The commitment to specialised training

To reverse this trend, it is necessary to invest in training that should not be only technical, as the academic proposal of the IMMUNE Technological Institute. In the world of computer security, in fact, it is essential to acquire the technical and theoretical skills, but it is also essential to do so in an institution that is recognised for the qualification of professionals capable of operating at a national and international level. The Master's in Cybersecurity starts with very practical assumptions, developed by companies based on real cases, and combines them with an education in Data Visualization and Presentation Skills.

Mastering different aspects of cybersecurity is key to a company's success in implementing good practices in this digital revolution.

The lack of specialists in the field of cybersecurity is a problem that concerns all countries and is proportionally aggravated as society turns to the cloud. The latest study by the International Consortium for Information Systems Security Certification (ISC)², found that in Europe last year there were around 291,000 fewer professionals than the market demanded, with "only" 142,000 in 2018.

The lack of professionals and an expanding market

A huge job niche. In addition, companies are willing to pay higher than average wages due to lack of supply. In Spain, according to Infojobs, in 2017 there were almost 1,800 vacancies in cybersecurity compared to only 16 registered for each offer. And the situation in recent years has not improved. In fact, forecasts indicate that by 2022 there will be 1.8 million unfilled jobs worldwide, 350,000 of them in Europe.

The shortage of cybersecurity professionals increases the vulnerability of organizations and exacerbates difficulties in incident management. The side effects of COVID-19 underline that the world needs experts with solid skills capable of defining policies, strategies and programmes for protection and control to ensure the security of data, networks and systems; manage situations, events and people in the presence of cyber attacks; help create a culture of cyber security in companies and society.

More and more companies will have to indicate to their employees the need to start or deepen their training in the field of cybersecurity. Currently, risk management, infrastructure security and security design are the areas most discovered by the supply of professionals. In addition, several professional figures related to cybersecurity are now emerging, among them

  • Cyber Risk Manager

  • Security Administrator

  • Security Engineer

  • Security Architect

  • Security Analyst

  • Security Developer

  • Ethical Hacker

  • Machine Learning Specialist

Practice and 'soft skills

The CISO (Chief Information Security Officer) is one of the highest positions for those working in the field of cybersecurity. It is a managerial position that selects and monitors an organization's security-related initiatives and, to perform this task, must possess technological as well as relational and leadership skills. Similarly, you must know the core business of the organization and be able to manage a complex team.

It is a figure that brings together different strengths, not only technical, but also the so-called soft skills.

As the digital revolution advances, the type of skills required will change. If we know how to take advantage of this opportunity, we will be able to guarantee greater protection of citizens' privacy and, at the same time, of critical infrastructures. A global effort is needed to defend our economic and social health. Training and education in cybersecurity is an important part of this effort.

Top comments (0)