Cyber security service provider SecureData has issued research statistics revealing that 34% of businesses would look towards the black hat community to compensate for any lack of in-house skills. Almost half (43%) of those surveyed at SecureData’s annual customer event in London also reported that an industry skills shortage is affecting their ability to adopt data-driven security, which 97% now believe is a prerequisite for any modern cyber security strategy.
The survey also reveals that, while 80% of organisations are responding to incidents in-house, only 8% feel they’re equipped to produce contextual threat intelligence – a core component of a data-driven cyber security strategy. To tackle this issue, two-thirds (61%) of businesses believe outsourced skills will be needed.
SecureData’s CEO Etienne Greeff believes it’s little wonder businesses are considering ex-hackers for in-house security roles. “The IT security skills shortage isn’t a new debate,” suggested Greeff, “but it has now reached a point where it’s critical for businesses to think like the bad guys in order to stay one step ahead of them.”
Away from the security skills saga, other prominent factors preventing organisations from adopting a data-driven approach include lack of time and resources (67%) as well as C-Level buy-in (25%) but, tellingly, not one respondent claimed they had no need for data-driven security.
“Firms are moving from reactive, device-led protection strategies towards proactive detection and response, empowered by intelligence-led visibility and control,” added Greeff. “That said, a mass of information isn’t intelligence. This raw data must be transformed by people with an offensive mindset and combined with processes and technologies to yield intelligence that’s both useful and useable.”
However, only 14% of respondents are already implementing data-driven strategies within their organisations. Despite almost all firms (92%) planning to adopt data-driven security, one third (33%) reported that implementation is still up to a year away, while even more (36%) said five years was a realistic timescale.
Greeff concluded: “In a world where every business is a digital business and no industry is safe from cyber attacks, it’s unsurprising that everyone is chasing the huge benefits of smarter security. From faster attack detection and response to a better understanding of threats, or the ability to focus resources on the risks that matter, data-driven security is our best hope for solving today’s cyber security deadlock, which is something that can only be achieved by security personnel being in tune with the black hat way of thinking.”
No notable signs of improvement
The 2015-2016 Cyber Governance Health Check has been released and shows that British companies still do not understand the severity of the threat.
54% of UK directors who responded to the survey state that they only hear about cyber security twice a year or when there’s a security incident, showing little improvement from the previous year. The research also reveals that two-thirds of FTSE companies have been hit by a cyber attack in the past year alone.
Farida Gibbs, CEO and founder of Gibbs S3, commented: “This research once again displays that many decision-makers within business are not recognising the serious nature of the cyber security threat. It needs to be discussed on a more regular basis. Waiting until the damage has been done is an incredibly risky strategy. Cyber security is often perceived as being less business critical than implementing the latest digital innovations, but as evidenced by TalkTalk and Ashley Madison, one severe breach can do incredible damage to a company’s reputation.”
According to Gibbs, cyber security is a constant battle between hackers and those working to prevent them from succeeding. As new security protocols and software are introduced, the hackers are constantly looking at ways to breach them, so having the right professionals working for your company is essential when it comes to safeguarding business data.
Gibbs added: “Although there are many good products out there, it’s the experienced cyber security professionals that will keep your systems up-to-date against the latest threat. It’s vital to be prepared and have the latest cyber security defences in place before anything occurs, rather than reacting after the damage has already been done.”