In 2017, it’s no longer a question of if a hacker will make an attempt on your business, but when. Cyberattacks have been making bigger and more frequent headlines, and it has sparked more organizations to increase their cybersecurity efforts. Unfortunately, the IT skills gap is even more pronounced when it comes to the security niche, with 82% of IT decision makers experiencing a shortage of cybersecurity skills. Demand for talent is higher than ever, as the following cybersecurity trends are rapidly impacting IT hiring.
Ransomware draws the biggest headlines in the cyberattack family, and for good reason. Costing organizations an estimated $1 billion last year, these attacks have been evolving rapidly in order to find new and stealthy ways to take an organization’s data hostage. Some ransomware software is now designed to work offline, increasing the difficulty of preventing attacks.
Most recently, the WannaCry attack was the largest ransomware attack in history. Hitting hundreds of thousands of machines in over 150 countries, it affected hospitals, schools, public infrastructure, private companies, and more. Targeting computers running outdated operating systems, the attack didn’t even require human interaction to work. While the devastating effects of this latest, most severe attack are still being analyzed, the impact on IT hiring is immediate.
Such an unprecedented cyberattack instantly drives up the demand for knowledgeable IT security talent, making the small pool of expert candidates even smaller and less available. Even though WannaCry did not require user action to infiltrate company networks and computers, it still could have been prevented by keeping software updated. Had those victimized organizations had the right IT security resources and staff, they could have recognized dangers early and updated applications as necessary to stay safe. Regrettably, when it’s hard to find the right talent hiring gets delayed, and it leads to continuing operations in a risky environment.
There is no magic button that an IT security expert can push that will prevent all cyberattacks. Fighting cyber threats is a fluid process, forcing the need to shift courses often even if the best prevention has already been undertaken. Outside of the major types of attacks, hackers are constantly looking to exploit little-known vulnerabilities lurking in software, hardware, and even everyday seemingly-harmless items.
Examples of such attacks are endless and often surprising. A flaw in popular Intel chips went unnoticed for seven years, and allowed for hackers to remotely take over machines and even power them on if they were off. Likewise, job portal pages have been discovered as corporate weak points and have served as points of infiltration for those with malicious intent. And then, of course, are the widespread threats inherent in the Internet of Things revolution. During a cybersecurity conference, an 11-year-old recently demonstrated how he could use his smart teddy bear to hack the Bluetooth-enabled phones of those in attendance, shocking the crowd.
Given this small sample of tiny vulnerabilities that have the potential for massive problems, it’s clear why cybersecurity talent needs to be so specialized. It’s not enough for a candidate to recognize when operating systems, servers, or networks are dangerously out of date or to know which company IoT devices are unsecured. They have to know how to spot vulnerabilities before they become widely known, and especially before their organization is victimized. Every exploit and vulnerability that makes the news drives fear into more business leaders, resulting in increased hiring competition that makes it harder to find the cybersecurity talent you’re looking for.
The prevalence of cell phones and tablets has increased productivity as employees are easily connected to work when out of the office, but with this gift comes the curse of added threats to cybersecurity. Studies show that half of mobile devices are at risk of exposing sensitive corporate .... Whether they connect to company wifi, run an email app, or access the company’s cloud from home, employees’ phones present difficult threats to safeguard against.
Even if it isn’t business data hackers are going after as they seek to steal consumer identities, credit cards, and personal information, you can be certain they will digitally break into your business if the opportunity presents itself. For IT hiring managers, this only serves to further complicate matters. Not only is the perfect cybersecurity candidate one that can prevent widespread ransomware attacks and spot vulnerabilities in advance, but they also need experience in mobile/app security. As the cyberwar moves to mobile channels, such talent will be extremely difficult to locate.
As the state of cybersecurity shifts, so too does the IT jobs landscape. 71% of IT leaders say the cybersecurity skills shortage is causing direct damage to their business, and the creation of new roles such as Chief Cybercrime Officer underscores the importance of having a strong defense. Today, those with ill intent can simply download malicious software like a ready-made weapon. Hackers may not need experience, but your organization does to protect from them, and that experience is rare.