As the need for cybersecurity awareness increases across the entire business landscape, so does the need for strong programs and a trained and competent workforce. This affects everyone in at least two ways. First, you need to have a designated leader in place who facilitates the program, and second, you need to ensure that the entire team is strong and informed in their skill set when it comes to ensuring that they are behaving in ways that reinforce the program set in place.
COVID-19 put all of this on the fast track with cybercriminal activity on the rise and a work from home structure in place that was not only rolled out quickly, and perhaps without proper considerations, but also made it harder to manage the people in various locations, using different hardware to do their jobs.
A third factor is the lack of a workforce willing to take on jobs that are in the cybersecurity sector. With an increase in the need, you would want the demand to be met, but the workforce that is available tends to be interested in using their skillsets for different jobs. A recent discussion with Casey Ellis reviewed how the need for bug bounty hunters increased with COVID-19, and the demand was being met more easily than filling those roles in traditional cybersecurity jobs.
Bug bounty hunters are basically hackers hired for good. Companies bring them in to expose weaknesses within their systems so that they find them before the ‘bad hackers’ do – and wreak havoc on the business. These jobs can pay lucratively and are often seen as more ‘fun’ and require less schooling or official certifications.
How to Remedy
Businesses will pay for insurance premiums, security systems on their buildings, and even budget a lot for interior décor or office furniture (ok, not always, but sometimes…). A budget is set aside for a company holiday party or picnic. A solid end-to-end cybersecurity program HAS to be as important as all of these things, if not more. The chances of not surviving a breach increases as quickly as the chance of it happening and the business world must acknowledge that including a budget to address the issue as a whole must be part of their plan. That means more than hiring a bug hunter, or “friend of a friend who fixes computers” to maintain their network. Put the emphasis on the individual within the team, someone who is permanently part of the team, with an ongoing plan for education, training, and maintenance. The role of cybersecurity lead cannot be the office admin who does this when a flier comes in the mail and they are reminded to change passwords. Even if a company has the budget to keep someone on staff full time, hiring an MSP for continual support is ideal as they can provide an all-encompassing menu of solutions to the variety of a business’s needs and can work with the individual assigned to oversee cybersecurity.
All businesses, regardless of their industry, staff size, or budget, need to put cybersecurity at the top of the list and hire the right people in whatever capacity they can to keep their business secured. Yes, demand exceeds the supply right now, but there are solutions that can be found within the options available. Business leaders must continue to create the demand and place value on the individuals who can fill the jobs. It may be a slow overhaul, but just like you’ll find with a strong cybersecurity program, consistency is key!