“Hacker skills in demand by British businesses” according to SecureData market research

SecurityandRiskManagement - CopyCyber security service provider SecureData has issued research statistics revealing that 34% of businesses would look towards the black hat community to compensate for any lack of in-house skills. Almost half (43%) of those surveyed at SecureData’s annual customer event in London also reported that an industry skills shortage is affecting their ability to adopt data-driven security, which 97% now believe is a prerequisite for any modern cyber security strategy.

The survey also reveals that, while 80% of organisations are responding to incidents in-house, only 8% feel they’re equipped to produce contextual threat intelligence – a core component of a data-driven cyber security strategy. To tackle this issue, two-thirds (61%) of businesses believe outsourced skills will be needed.

SecureData’s CEO Etienne Greeff believes it’s little wonder businesses are considering ex-hackers for in-house security roles. “The IT security skills shortage isn’t a new debate,” suggested Greeff, “but it has now reached a point where it’s critical for businesses to think like the bad guys in order to stay one step ahead of them.”

Away from the security skills saga, other prominent factors preventing organisations from adopting a data-driven approach include lack of time and resources (67%) as well as C-Level buy-in (25%) but, tellingly, not one respondent claimed they had no need for data-driven security.

“Firms are moving from reactive, device-led protection strategies towards proactive detection and response, empowered by intelligence-led visibility and control,” added Greeff. “That said, a mass of information isn’t intelligence. This raw data must be transformed by people with an offensive mindset and combined with processes and technologies to yield intelligence that’s both useful and useable.”

However, only 14% of respondents are already implementing data-driven strategies within their organisations. Despite almost all firms (92%) planning to adopt data-driven security, one third (33%) reported that implementation is still up to a year away, while even more (36%) said five years was a realistic timescale.

Greeff concluded: “In a world where every business is a digital business and no industry is safe from cyber attacks, it’s unsurprising that everyone is chasing the huge benefits of smarter security. From faster attack detection and response to a better understanding of threats, or the ability to focus resources on the risks that matter, data-driven security is our best hope for solving today’s cyber security deadlock, which is something that can only be achieved by security personnel being in tune with the black hat way of thinking.”

No notable signs of improvement

The 2015-2016 Cyber Governance Health Check has been released and shows that British companies are still not understanding the severity of the threat.

54% of UK directors who responded to the survey state that they only hear about cyber security twice a year or when there’s a security incident, showing little improvement from the previous year. The research also reveals that two-thirds of FTSE companies have been hit by a cyber attack in the past year alone.

Farida Gibbs, CEO and founder of Gibbs S3, commented: “This research once again displays that many decision-makers within business are not recognising the serious nature of the cyber security threat. It needs to be discussed on a more regular basis. Waiting until the damage has been done is an incredibly risky strategy. Cyber security is often perceived as being less business critical than implementing the latest digital innovations, but as evidenced by TalkTalk and Ashley Maddison, one severe breach can do incredible damage to a company’s reputation.”

According to Gibbs, cyber security is a constant battle between hackers and those working to prevent them from succeeding. As new security protocols and software are introduced, the hackers are constantly looking at ways to breach them, so having the right professionals working for your company is essential when it comes to safeguarding business data.

Gibbs added: “Although there are many good products out there, it’s the experienced cyber security professionals that will keep your systems up-to-date against the latest threat. It’s vital to be prepared and have the latest cyber security defences in place before anything occurs, rather than reacting after the damage has already been done.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts