Retired IDF Unit 8200 Official and Cybersecurity Expert, Alex Aronovich, introduces six key insights on cybersecurity for 2018:
1. The market has gone from data security to IT security to cybersecurity.
This means that specializations are ever-evolving and that this trend will continue and diversify. We can expect to see companies asking for more and more specific expertise when hiring their cyber workforce. From penetration testing to cyber-intelligence to SOC monitoring, each discipline requires a very different skill set.
2. More technologies are focused on awareness.
Systems have become so complex and are updated so frequently that it’s difficult for the necessary people to keep up with the learning curve. This continual setback hinders the rest of the organization from catching up, and as a result systems are not properly or efficiently implemented. If employees don’t know what to ask for, they won’t ask at all. To combat this issue, system providers are investing more effort into training and education. However, these practices should not stop at training IT personnel – all employees should gain a better understanding of their workplace’s cyber capabilities and how to protect information. Cyber technology was thought to be enough to protect a network, but nowadays even cybersecurity systems are breached, and the approach should be more holistic.
3. There is not enough cybersecurity expertise.
Because of this, companies are hiring external services to fill the void. Outsourcing to a third-party service has been a debated topic for years. The problem is that businesses are not taking the time to develop their current workforce, but are instead choosing to outsource and save time. The cyber workforce is not only lacking, but the few new professionals joining the industry fall short when it comes to hands-on training. Cybersecurity professionals usually lack expertise in specific studies and tend to possess a very general knowledge of cyberspace. These knowledge gaps in security also create difficulty when looking for qualified managers and mentors for employees.
4. More technology is not always better.
More technologies, more systems, and more service providers equal more mistakes. By adding extra security components to your network, your IT department ends up with an overly complicated infrastructure and an overwhelmed security team. When facing endless system management tasks for monitoring external attacks, you leave your team vulnerable to an even deadlier internal threat – human error. All big data breaches in the last five years happened to companies that were spending millions on cybersecurity technology. So obviously something has gone wrong. It’s just not enough.
5. If you don’t understand the threat, do your best to avoid it.
The less your employees depend on the internet, the better. Knowledge of how hackers attack is lacking. Cyber experts are realizing that it is not necessarily critical to know who the enemy is, but really how they will attack you. If your workforce understands how to avoid those threats, they can mitigate a majority of human-enabled attacks. Reports indicate that roughly 95% of cyber-attacks can be avoided using teachable methods.
6. You can’t truly outsource cybersecurity.
Companies that excel at protecting their network and assets rely on their own talent and knowledge, not a third party. Otherwise, an external company looking after all aspects of your network will only focus on external threats. Can you really trust them not to miss? By using external services, you truly can free up your IT resources, but that doesn’t mean there aren’t downsides. The most obvious one is the level of commitment to your organization and the lack of on-site presence. My final thought is – if you want to sleep well at night, develop your current workforce and provide them with quality cybersecurity education.
Originally shared on LinkedIn.