It is European Cyber Security Month (ECSM), so prepare to be inundated with the usual scaremongering social posts about the rise of cyberattacks. But I propose something slightly different. While there is plenty to frighten even the most experienced CEO, it’s also time we talked about the impact of digital transformation on cybersecurity.
According to ISACA, a non-profit information security advocacy group, there will be a global shortage of two million cybersecurity professionals by 2019. Not surprisingly, this news is making CEOs nervous, which is why finding cybersecurity professionals is now the top growing organisational priority. Compounding this challenge is the fact that 67% of cybersecurity professionals believe they do not have the time to keep up with Technology & Developer (Tech&Dev) training and development.
The net result is that unless organisations start looking for innovative ways to recruit, hire and train the relevant talent, the problem will become an enterprise-wide one rather than just a Tech & Dev one.
Although CEOs may talk about prioritising cyber talent acquisition, the reality is many do not understand the full financial implications. My advice to anyone encountering resistance is to recommend that the person in question reads The Real Business Drivers of Data Compliance. This will quickly dispel any misconceptions about security breaches and the risk they pose. Alternatively, share this little nugget of information with them.
In 2015, the Talk Talk Telco attack saw organised cybercrime accessing 156,959 customers’ details. The company was fined £400,000, which may seem like a small sum, but the cost of security systems/software mitigation was over £40 million. Now that’s a number guaranteed to generate some attention.
The impact of digital transformation
As the digital transformation of the workplace continues, the future of work is increasingly about the next technological advances and less about the people using these technologies. Digitalisation, mobility, artificial intelligence, social media & collaboration and analytics have changed the way we engage and work as well as the trajectory of careers. The impact of this to Tech & Dev means changing roles, new titles and the rise of different employee structures that are shifting the daily routine.
The trend for DevOps-type cultures, which I explained in detail in Dev-Ops–Out of the IT Shadow, is that we are now seeing the emergence of a continuous and natural focus to both transformation and security. This cybersecurity transformation trend is of such importance that CIO conversations are focusing less on the technology and more on behaviours such as resilience and diversity. Or, as Dr. Maria Milosavljevic, NSW Government Chief Information Security Officer (GCISO), puts it “People will get tired of hearing about security. CISOs need to keep going anyway and keep doing what needs to be done. Resilience is setting your sights on what ‘good’ looks like and moving forward.”
What is cybersecurity transformation?
In its most basic terms, cybersecurity transformation is the rearrangement of how we operate and function within an organisation. It’s about adopting the mentality that “all employees wear many hats” but also has an in-depth knowledge of a specific subject. It means everyone is responsible for cybersecurity, or as Steve Townsley, senior cybersecurity manager, Transport For London, believes, each employee needs to recognise their specific contribution to protecting the organisation.
Carl Nightingale, director, cybersecurity services for CGI, sees another reason for this shared responsibility. At a recent RANT Forum, he put forward the idea that due to the severe skills shortage it is no longer practical to look at the career history of a security professional candidate and instead look for talent who possess a willingness to adapt and work across multiple functions.
Skillsoft is trying to promote a mind-set of versatility, diversification and adaptability. These are attributes recognized as essential for cyber professionals so they can create technology in a more collaborative fashion. In other words, the “shape” of employees will change to adapt to the new digital workplace.
What is the new “shape” of digital employees? Skillsoft sees the “T-shaped employee” as required for a true transformation to occur. An overview of this new skill profile, which is adaptable and versatile, is below.
The idea is that everyone in Tech and Dev sits across the horizontal bar to get a broad understanding of what’s on trend with specialists moving down the vertical to pin-point specifics. This collaboration allows for improved monitoring and reactions to events occurring throughout the workplace. It’s an extra pair of eyes to spot potential threats and then coordinate with the relevant security experts across the disciplines.
To assist organisations train and prepare employees for cybersecurity transformation Skillsoft’s cybersecurity portfolio includes topics like Digital Resilience and Hackers Perspective. The portfolio also includes a list of cybersecurity certifications, including CompTIA CSA+, an internationally recognized professional qualification created to fill the gap in cybersecurity credentials and address the unique role of the cybersecurity analyst.
Here’s a sample of one of our courses designed to accelerate cyber defense across your organisation.
Christopher Sly is a Solution Principal, IT & Digital at Skillsoft EMEA.