The cost of living crisis is affecting us all. Energy bills are soaring, petrol prices have reached record highs and, as the BBC reported this week, even the humble cheese sandwich has been struck by inflation.
Despite these rising costs, one area that remains unchanged is digital transformation. Organisations worldwide are investing in technologies at an unprecedented rate, with an IDC study published last year reporting that digital transformation spending is expected to hit $3.4 trillion (£2.73 trillion) by 2026.
These estimates are driven by organisations’ desire to automate projects and to make better use of technology. Much has been made of ChatGPT and the ability for artificial general intelligence to radically alter or replace a variety of content-based roles, from writing to coding.
Elsewhere, Mark Zuckerberg is insistent that the metaverse can reshape workplace collaboration in an era of remote working, while other business leaders look for practical solutions to the challenges that a post-pandemic world presents.
How can teams talk and share information productively? Will remote workers suffer from their isolation in the long term?
Amid all this, organisations continue to struggle in their attempts to find skilled personnel to oversee these practices. It’s all well and good automating processes, but you still need people who know what they’re doing to manage your requirements.
It’s an issue among many industries, but it’s particularly acute in the cyber security sector – where the growing use of technology has propelled a demand for expertise that far outstrips the number of people entering or advancing their position in the field.
Mounting danger
The concerns regarding the cyber skills gap was neatly summarised in a recent World Economic Forum article written by Rob Rashotte, the vice president of global training and technical field enablement at Fortinet.
He noted that “short-staffed security teams and those lacking senior-level professionals make it difficult for organizations – regardless of industry or sector – to safeguard their assets from threats, resulting in tangible consequences”.
Rashotte pointed to a Fortinet report that found 80% of organisations fell victim to a cyber attack last year, 48% of which said that sensitive data had been stolen. In those instances, organisations spent $1 million (£800,000) on average remediating the damage.
This trend is expected to worsen, as organisations’ increased use of technology creates more opportunities for cyber criminals to strike.
We have already seen a 12.7% rise in publicly reported data breaches in the first quarter of 2023 compared to the previous three months, and many organisations are expecting a barrage of attacks – which might include potentially devastating fallout from growing geopolitical instability.
The World Economic Forum’s Global Cybersecurity Outlook 2023 report found that 86% of business leaders and 93% of security leaders believe that growing political tensions – which often play out in cyberspace – could lead to a catastrophic cyber event within the next two years.
This worrying prediction comes alongside a warning from the new deputy prime minister, Oliver Dowden, who said that UK businesses are on the frontline of the country’s cyber security defences and they must defend against cyber criminals who intend to destroy critical infrastructure.
Speaking at the CyberUK conference in Belfast, Dowden said that these groups are “ideologically motivated rather than financially motivated” and their goal is to “disrupt or destroy” their targets.
The criminals he’s referring to are most likely Russian state-sponsored hackers, who have consistently targeted the country’s political adversaries since the invasion of Ukraine.
Responding to these threats, the National Cyber Security Centre has issued an official threat notice to help protect the county, while Dowden told the conference he was urging “companies in charge of keeping our country running, of keeping the lights on [to] take their own security seriously”.
He added: “A bricks-and-mortar business wouldn’t survive if it left the back door open to criminals every night. Equally in today’s world, businesses can’t afford […] to leave their digital back door open to cyber crooks and hackers.”
What should organisations do?
In preparing for cyber attacks, organisations have tended towards technological defences. This might be because they think its simpler or more effective than other methods, or because the cyber security skills gap makes it seemingly impossible to find a qualified candidate at an affordable salary.
But there are options available to organisations beyond hiring a new employee. For instance, rather than employing an existing expert, organisations could build an internal security team and encourage employees in security-adjacent roles, such as IT, to take cyber security training courses.
An organisation’s ability to retain and upskill its staff is crucial to its long-term success, with 95% of security leaders saying that industry certification programmes have positively affected their operations.
If you think you or someone one your team is ready to take the next step, IT Governance offers a range of training options, including our Certified Cyber Security Foundation and Practitioner training courses.
We also offer specialised courses on the GDPR and the international standard for information security, ISO 27001.
Plus, by booking one of these options before 30 June, you’ll receive another selected course worth up to £315 free.
The post World Economic Forum: Organisations Must Invest in Security as ‘Catastrophic Cyber Event’ Looms appeared first on IT Governance UK Blog.