Symantec CEO, Michael Brown has been quoted as saying that the global demand for cyber-security professionals is set to grow to six million by 2019 with the shortfall expected to be around 1.5 million, an issue of specific concern for the telecoms industry given the sensitivity of the data being handled.
Measures introduced by the UK Government, including Cyber Essentials, a programme aimed at providing basic cyber-security awareness at quickly and cheaply for SMEs are laudable and should be continued.[1] However, these initiatives are decidedly insufficient when it comes to combating modern Advanced Persistent Threats (APTs) which threaten British businesses. In 2015 alone, Ashley Madison, TalkTalk, Harvard University and the IRS have all be victims of sophisticated and damaging hacks.
Farida Gibbs, CEO and Founder of Gibbs S3, the hybrid IT consulting and staffing solutions company commented “The range and severity of threats, coupled with the desperate shortage of skilled staff means that the majority of British telcos are fighting an increasingly complex war with clearly insufficient resources. This issue is compounded by the fact that standing still is not an option – firms need to be far more proactive in beefing up their digital defences as the hackers who are looking to get in are constantly evolving and mutating their attacks.”
The dangers are not limited purely to larger companies either. Recent research from KPMG has found that 70 per cent of SMEs can do significantly more to protect sensitive client data. It is a truly worrying statistic when considering that the same research found that 94 per cent of enterprise procurement departments considered cyber-security protocols to be a key factor in deciding which suppliers to use. The inability for small firms to provide adequate cyber-security protection is now causing small businesses significant revenue losses, an untenable state of affairs.
Punam Tiwari, Senior Legal Counsel and Data Protection Specialist at Gibbs S3 said “We’ve now seen CEOs of major companies lose their jobs because of cyber-attacks which should be a serious wake-up call about the consequences. Companies should start from the assumption that their systems have been infiltrated by criminals and operate on that basis, yet many businesses are simply failing to act. Companies can no longer afford to casually dip in and out of the market, assuming that they will find qualified people when they need them. There needs to be a greater commitment to data protection and cyber-security training across the UK with businesses also carefully assessing and planning how they will bring on cyber-security experts at a moments notice – whether that is for a crisis scenario or not.”