The following article was written by Raymond Craig. Raymond is a keen follower of tech legislation and is a copywriter for a number of financial technology (FinTech) companies focusing on the new age of banking. When unplugged, Raymond writes about the non-techy world of surfing.
Despite the growth in cyber-attacks, IT spending budgets are not growing to match the escalating threat. Only 3% of capital expenditure is focused on IT security, with 49% of businesses delaying cloud deployment due to a cyber-security skills gap.
The results from Indeed’s global IT study revealed that just 32% of the cyber security jobs posted in the UK did not have enough candidates to fill them; a skills gap that has grown 5% in the last two years.
The ongoing threat, punctuated weekly with cyber-crime headlines, further outlines that companies of all sizes are failing to prevent these attacks. The Houses of Parliament was breached due to the use of weak passwords that did not conform to Parliamentary Digital Service guidelines. Was that down to a staff shortage, or to investing in the wrong security vectors and failing to see the threats ahead?
The business of security
A PwC report identified where business security spending is focused. This includes 53% of UK companies choosing to invest in security for the Internet of Things (IoT) and 33% focusing on Artificial Intelligence (AI) and machine learning security.
Looking at the first area of spending, IoT is predicted to reach 200 billion connected devices by 2020 in a marketplace that IDC Research believes will be worth $7 billion. AI may be on the frontline of defense in protecting customers from cyber-crime due to the technology's ability to collect and analyse vast fields of data and quickly identify threats. In the long term, AI may lead the security frontline and reduce concerns about growing cyber staff shortages. But we are not there yet. What is the short-term solution?
Staff training for frontline defense
The UK Government’s 2017 Cyber Security Breaches Survey revealed that cyber-attacks were often linked to human factors, highlighting the importance of staff awareness and vigilance. However, only 33% of companies sampled had a formal cyber security risk plan, with only 20% of staff receiving or attending cyber security training sessions.
Despite the source of the research, the Parliamentary breach was a clear example of staff negligence, leaving the door open to today’s cyber equivalent of the cat burglar. Phishing for weak passwords is the kind of negligence that, with the new General Data Protection Regulation (GDPR) due to be in place by 2018, could result in a 20 million euro fine for businesses compromising EU citizen data.