As I approach the end of my second month as the Deputy Editor at Infosecurity Magazine, I feel now is a good time to take a short breather and reflect on what the last several weeks have taught me about an industry that, two months ago, I knew very little about.
When I say very little, I knew what McAfee Antivirus was and I was aware that ‘bad guys’ will sometimes send you an email in the hope you will click on the attachment, opening the doors to your bank details allowing them to go on a wild spending spree with your hard-earned cash – and that was about the sum of it.
In saying that, I have tried not to view my lack of cybersecurity knowledge as a hindrance; on the contrary, I believe it has given me the opportunity to dive headfirst into a fast-moving industry with no preconceived perceptions and just see it for what it is.
I’ve visited conferences, shared tables with people whose passion for the industry is humbling and learned invaluable lessons from security journalists whose experience vastly eclipses my own. I will be the first to admit that much of this has left me with more questions than answers, but I don’t view this as a bad thing – far from it. It’s like Benjamin Franklin said:
“We are all born ignorant, but one must work hard to remain stupid.”
While I am still worlds away from being an expert, I believe the last two months have allowed me (a self-confessed newcomer) to gain an understanding of what, in my opinion, are three of the key issues currently influencing the industry.
Firstly, I think the world has opened its eyes to the fact that good security is no longer a technological-laden subject reserved only for IT bods, nor is it something that you can throw a huge sum of cash at and sweep under the carpet – it’s a human issue. This means that an organization’s security is only ever as strong as the knowledge its employees have, and that comes down to education.
With hackers adopting more and more simple social engineering techniques to carry out their attacks, educating staff about how attackers operate, what data they are looking for and most importantly empowering them to raise the alarm if they come across anything unusual is vitally important for companies.
After all, as Dr Jessica Barker told me, “you can have all of the technical defenses in the world but if you’ve got members of staff who click on phishing links then that’s the way an attacker is going to get into your organizations.”
Secondly, the world is changing – probably quicker than we can keep up with. IoT is now very much a real thing. With reliance on cloud-based appliances and applications now more prevalent than ever and recent reports suggesting business have big plans for IoT this year, concerns about the security surrounding it is an issue that keeps cropping up.
We are all aware of the significant benefits cloud-based infrastructures can bring, but organizations must avoid the temptation of sacrificing good security to quickly implement them. Any IoT device, whilst it may contain no sensitive data, is an open door for hackers to gain access to a network if it isn’t secure, and relying on outdated infrastructures that do not take this new, larger attack surface into consideration is a recipe for disaster.
Lastly, there’s a clear skills gap in the industry at the moment, and it needs to be closed. Companies are struggling to find individuals with the right level of knowledge to successfully fill the plethora of security roles that are currently available. This is an issue that needs to be tackled head on, starting in schools and universities and carrying on into the workplace.
Digital-savvy youngsters need to be nurtured and encouraged into cybersecurity with the opportunities the industry can offer made clear to them. Likewise, people already working in security roles need to be given regular, relevant hands-on training to improve their knowledge and skills.
These issues are, admittedly, probably just the tip of the iceberg in terms of the wider cybersecurity spectrum, but hey, it has only been two months. As for what I’ll learn next I don’t know, but I’m excited to find out!