How would your business cope if it were taken offline for a week? asks Dan Davies, pictured, CTO at the cloud and managed services company Maintel.
This could affect clients, reputation and could cost a huge amount in recovery. This is an everyday possibility for businesses, as the threat of ransomware attacks is a reality in the modern world. For instance, this is exactly what happened to trading group Ion last month, as they recovered from a ransomware nightmare.
Financial leaders know the threat of cyberattack is ever-present and ever-growing. As the Bank of England reported late last year, cybersecurity is the number one risk for financial institutions. The impact of remote working has led to a rise in ransomware hacks, while a surge of DDoS attacks linked to the Russian war on Ukraine has all contributed to an increasingly threatening cyber landscape.
However, as cyber complexity rises, we also see a trend of “brutal” job cuts across the sector, threatening vital roles in already-stretched cybersecurity teams. Cost-cutting is being cited as the driver behind a growing number of security leaders and engineers being cut from headcounts.
This is a stark turnaround from previous years’ trends which saw organisations struggling to hire the required cybersecurity skills, leading to a vast leap in cyber salaries. In our turbulent economic climate, it might be tempting, therefore, to see cybersecurity as an area ripe for trimming. As Joseph Thomssen, a senior cybersecurity recruiter at NinjaJobs, recently told SecurityWeek, “Many of these layoffs in cybersecurity seem to be short-term attempts to save money.”
This is a very dangerous tactic. Firstly, firing staff in the short term will make re-hiring much harder. Reputation as an employer is damaged easily, especially within cybersecurity which is a close community. In the UK, where there is a severe cyber skills gap, fire and rehire is not a viable option and this has been compounded by news of the closure of programs such as the Tech Nation visa scheme, which supported overseas talent to bolster the UK’s cybersecurity workforce. Fire now, regret later.
Short-term fixes are not the answer
Cyber teams are already struggling, and as cuts are made, the remaining team is left to pick up the slack – doing even more with even less. As uncovered by the Information Systems Security Association (ISSA), over half of organisations are being impacted by a lack of cybersecurity skills, with the result being an excessive workload for existing talent. Nearly four in ten cybersecurity professionals say they have experienced burnout due to the pressures of increasing risks and lack of support. When teams are understaffed and burnt out, cyber risk only increases, which can have devastating consequences for individuals and organisations alike.
In the face of expanding threats, rather than shrinking cyber teams, financial organisations should consider investment in strategies and tools to support them. For example, working with managed security partners can remove the burden of identifying and mitigating risk and reduce the attack surface, securing data, applications, systems, and devices at all times. With real-time threat intelligence utilising AI and ML, such partners free in-house cybersecurity teams to focus on supporting broader, strategic initiatives. As such, an MSP provides scalable security options based on organisational requirements and the cyber teams’ size, skillset and important strategic drivers.
For example, while cyber risk is rising, financial organisations are also undertaking rapid digital transformation, from online trading to mobile banking, digital currencies and app proliferation. Increasing cloud adoption and integration of SaaS offerings moves critical business assets outside of the traditional network perimeter. According to ISSA, those making this shift to the cloud find it even more challenging; 39pc of organisations struggle to fill cloud computing security roles. While digital transformation has countless benefits for businesses, we must remain conscious of the cyber risks associated with cloud adoption.
With financial institutions a prime target for malicious actors, cybersecurity is now a core driver for financial institutions, but beyond that, it is also fundamental to supporting innovation. With increasing regulatory requirements and soaring customer expectations, the need for transformation and innovation to be built on a secure base is fundamental.
As Candy Alexander, board president of ISSA International, warns, “Cybersecurity is seen as a cost centre to the business – something you have to do, but only to a minimal degree, like paying the light bill. We need to shift the conversation to aligning our security programs with the business.”
Rather than short-term fixes for the problem, business leaders should consider smarter, long-term investments to strengthen security teams, since making short-term cybersecurity cuts to the organisation will only lead to long-term risk and potential losses. This doesn’t necessarily mean forking out for extra talent, but rather exploring how to support and maximise existing teams to perform at their best. Squeezing security teams and piling on more pressure will only increase long-term risks and could damage the whole company.
