UK IT Pros: Brexit Will Increase Skills Shortages

Infosecurity Magazine | November 27, 2019

Over 90% of UK IT professionals believe Brexit will make chronic industry skills shortages even worse, according to new research from RedSeal.

The security vendor polled 502 IT professionals to gain greater insight into the skills challenges facing the country.

In total, 87% of CIOs and senior IT pros admitted that they are struggling to find cybersecurity professionals with the right expertise. In addition, 73% argued that Brexit-related uncertainty is adding to the challenge of hiring from outside the UK, and even more (95%) said that leaving the EU will only widen the current skills gap.

UK Business at Risk as Cyber Skills Gap Reaches Breaking Point

  • Over a year on from Parliament’s National Security Strategy report, cybersecurity training opportunities still aren’t a priority for the Government
  • A deepening talent gap in cybersecurity has potential to cause irreparable damage to UK business
  • CIOs and senior IT employers say a looming, uncertain Brexit is presenting enormous hiring challenges
  • Businesses face a global shortage of approximately 4 million cybersecurity pros
  • A focus needs to be put on ‘skilling up’ the UK’s next generation of cyber security professionals

27th November 2019 – A new, in-depth piece of research* conducted amongst UK CIOs and senior IT professionals has revealed that the cybersecurity skills gap has reached a crisis point, putting British business on the back foot in the ongoing war against online fraud and cybercrime. This cybersecurity industry study from digital resilience experts RedSeal unearthed major concerns about businesses’ ability to develop, attract and retain personnel with the right skillset to stand up against an ever-growing threat landscape.

An enormous 87 percent of CIOs and senior IT pros reported that they are struggling to find cybersecurity professionals with the expertise needed to combat serious and organised online crime. Almost three quarters (73 percent) went on to say that uncertainty around Brexit is a huge concern when it comes to hiring security professionals from outside the UK. Further, 95 percent specified that Brexit will in fact widen the current skills gap, since many IT security professionals currently within British business are from outside the UK – due to the lack of advanced cybersecurity education provided locally.

Why aren’t cybersecurity training opportunities being made a priority by the Government?

It has been just over a year since Parliament’s Joint Committee on the National Security Strategy, a cross-party group that works across both the Commons and Lords, published a report exposing the UK’s chronic lack of digital skills, even within some of its own security agencies. Published in July 2018, the report revealed that ‘although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the Government and private sector affected by the shortage in skills’. Authors of the report, titled Cyber Security Skills and the UK’s Critical National Infrastructure, voiced huge concerns around the Government’s apparent lack of urgency in addressing the cybersecurity skills gap in relation to Critical National Infrastructure.

Cybercrime is a real and present problem for UK business at a time of continued uncertainty

Further questioning within the RedSeal research also demonstrated that cybercrime and its impact on UK business continues to grow, with 81 percent reporting that they have suffered a cybersecurity breach in the last 12 months. The lack of skills has also contributed to a lack of proper response planning, with almost half (40 percent) of senior IT pros stating that their business doesn’t have a plan in place to respond to a security breach.

RedSeal urges the UK government to create a more robust education policy that will deliver the skills needed in the future.

Dr Mike Lloyd, CTO at RedSeal and expert in the study of the spread of malware, commented on the new research: “Across the industry, we have drained the talent pool for security professionals. There’s a global shortage of about 4 million cybersecurity pros, up from just over 3 million last year**. The UK’s education system can help, but not quickly – professionals agree that it takes about 10 years of real-world experience to develop the skills needed to combat today’s threats, so we’re facing a sustained drought for talent. Automation can help but cannot replace human intuition and insight. We have to build hybrid teams, combining computers for all the drudge work so that the few human analysts can focus on the security tasks that matter.”

Professor Peter Komisarczuk, Head of Department Information Security at Royal Holloway University of London, commented: “Further and higher education in cybersecurity needs continuing support in order to keep pace with the ever changing threat landscape that UK business is facing right now. There is a shortage of professionals with cyber security skills in the UK which means that engaging young people and mid-career changers in developing skills and knowledge through high level technical and computing education is more important than ever before.”

He continued: “There are significant career opportunities in cybersecurity – the average annual salary for jobs in cybersecurity is £72,500 and we are seeing our graduates getting significantly more than the average graduate salary of £23,000 on leaving with their degree. Moreover, the potential to contribute to economic growth is huge, as well as support UK business against a very real cyber threat.”

He finished: “There are some great schemes encouraging younger people to pursue a career in Information Security such as CyberFirst which provides excellent opportunities for 11-17 year olds to develop skills and knowledge as well as a bursary scheme for undergraduate students.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides by the MRS code.

**According to the latest annual workforce study by (ISC)²

CEOs’ Use of Smart Devices Increases Risk of Cyberattack

  • New research finds CEOs are disengaged from cybersecurity policies — 30% are unaware of the volume of attacks on their business and 54% don’t adhere to security teams’ ‘out of office’ security protocol
  • Smart technology puts sensitive information at risk, as CEOs become a major target for hackers and cybercriminals  

SAN JOSE, Calif. – RedSeal, the leader in network cyber risk modeling for hybrid environments, released the results of research that found the lack of CEO-specific security plans, their failure to comply with plans in place and the growing prevalence of unsecure smart devices mean CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks.

The RedSeal research*, which polled senior IT teams up to CIO level, unearthed a number of gaps in cybersecurity protocols and awareness in the C-Suite. Although the research demonstrated that many senior IT professionals have tried to implement CEO-specific cybersecurity plans, more than half (54%) believe their CEO exposes their organization to potential compromise by not following procedure. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

The proliferation of smart devices is a danger to business

With data showing one in five smart devices** have been breached or compromised, along with senior executives who don’t follow cybersecurity measures outside the office, there’s significant risk, or opportunity.

“C-suite executives are ideal targets. They have broad access to their organizations’ network resources yet frequently see themselves as exempt from the inconvenient rules applied to others,” said Dr. Mike Lloyd, CTO of RedSeal. “Combine this with the security lapses prevalent while traveling and in the home, and you have a great opportunity to exploit for commercial or national advantage.”

The risk of cyberattacks is high and business leaders know it. According to the recent Cyber Risk Index (CRI) survey by the Ponemon Institute, “80 percent of IT business leaders anticipate a critical breach or successful cyberattack over the coming year.” It also highlighted a critical gap between data risk and the protection measures businesses have in place noting, “…the ability to securely implement disruptive technologies like mobile, cloud, and IoT devices was a great concern.”

There is global confusion as to how many cyberattacks businesses have experienced in the last 12 months. For example, the UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas RedSeal’s research reports 81% of senior IT professionals in the UK admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organization.

The research also revealed that 42% of companies don’t have a cyber-response plan in place to inform customers of a security breach, and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. The concept of a perfect defense is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organizations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place from June 19 – 27, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides by the MRS code.

** Atomik Research conducted an online survey on behalf of RedSeal among 2,004 UK consumers aged 18+ between June 19 – 25, 2019.

UK CEOs’ Cyber Ignorance Costing Firms Dear

Infosecurity Magazine | July 17, 2019

Cybersecurity: Is your boss leaving your organisation vulnerable to hackers?

ZDNet | July 15, 2019

CEOs’ Lack of Cyber Awareness Is Exposing UK Business To Major Risk

London, UK – Tuesday 16th July 2019 – The lack of CEO-specific security plans, failure to comply with plans in place and the growing number of unsecure smart devices in the home and places of travel (such as hotels) means that CEOs and other senior executives are regularly at risk of being targeted by cybercriminal networks, a new piece of research has revealed today.

The latest survey*, conducted by RedSeal amongst senior IT teams up to CIO level within UK businesses, unearthed a number of gaps in cybersecurity protocols and awareness amongst a CEO audience. Although the research demonstrated that many senior IT professionals have aimed to put CEO-specific cybersecurity plans in place, over half (54%) believe that their CEO doesn’t follow procedure and is exposing their organisation to potential compromise. Over a third (38%) also weren’t fully aware of the technology their CEO used in their own homes.

  • New research reveals that CEOs are disengaged from cybersecurity challenges and are unaware of many of the attacks on their business
  • Many CEOs still aren’t adhering to ‘out of office’ security measures put in place by their security teams
  • Smart technology is putting sensitive company information at risk, as CEOs become a major target for hackers and cybercriminals

The proliferation of smart devices is a danger to UK business

With the ever-changing digital working habits and behaviours of CEOs made possible by innovative mobile and smart technology, the research found that cybersecurity measures aren’t being followed outside the traditional workplace — an enormous potential security oversight given 1 in 5 smart devices in the home** have been breached or compromised.

“Smart devices are important because they are new, unproven, and not built with security as a primary goal,” said Dr. Mike Lloyd, CTO of RedSeal. “Smart devices compete on convenience and price. Security is usually an after-thought, if it’s addressed at all. Some popular smart devices, like smart speakers, compromise privacy even when working as intended — which is scary when you think about the opportunity this presents to people who want to spy on CEOs for commercial or national advantage. CEOs have wide access to their organisation’s network resources, the authority to look into most areas, and frequently see themselves as exempt from the inconvenient rules applied to others. This makes them ideal targets.”

UK business is also under attack but are we trying to hide it?

There is industry-wide confusion as to how many attacks there have been on UK business in the last 12 months. The UK Government’s recent Cyber Breaches report cited that only 38% of UK businesses have recorded an attack, whereas this most recent research from RedSeal is showing that, in fact, 81% of senior IT professionals admit to their company having suffered a breach.

75% of those IT pros surveyed also stated that their CEO must pay more attention to cybersecurity, with almost the same amount (74%) saying that their customers’ information has been put at risk because of a cyberattack or breach on their organisation.

The research also revealed that 42% of UK companies don’t have a cyber-response plan in place to inform customers of a security breach and that over a quarter (26%) will only report the major breaches to their CEO.

Lloyd concluded, “Despite its many benefits, the Internet is a dangerous place where new security threats can evolve and rapidly mutate. Perfect defence is illusory; in a complex and interdependent world, some attacks are bound to succeed. Organisations must look to a strategy of resilience. They’ll survive only by planning in advance for how the inevitable successful attacks will be handled.”

ENDS

*An online survey was conducted by Atomik Research on behalf of RedSeal among 502 IT professionals from the UK. The research fieldwork took place on 19th-27th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides by the MRS code.

**A second online survey was conducted by Atomik Research among 2,004 UK consumers aged 18+. The research fieldwork took place on 19th-25th June, 2019. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides by the MRS code.

Businesses Feel Let Down By UK Government on Cybersecurity

UK Businesses Are Asking the Government to Provide More Support Around Cybersecurity Issues in 2019

LONDON, UK – Monday 10th December, 2018 – Has a sensitive political and business environment in 2018 deflected attention away from security and left UK businesses less prepared for cyberattack? New research* has revealed that UK businesses are looking for greater support from the Government in the ever-growing battle against cybercrime.

According to the latest insights from RedSeal, nearly seven in ten (68%) IT bosses say their business has suffered at least one cyberattack in the past year. Almost a third (31%) also said the government does not offer businesses enough guidance or support on cybersecurity. The data also revealed that one in five (19%) of the UK businesses surveyed had no plan in place to deal with a cyberattack and that 65% of IT teams believe that their senior management needs to pay more attention to cybersecurity in 2019.

This latest research comes just two months after the National Cyber Security Centre’s second annual review where the Chancellor of the Duchy of Lancaster, David Lidington, gave a speech at the National Cyber Security Centre on why cyber security matters. He highlighted that the Government’s latest annual Cyber Security Breaches Survey had also revealed that more needed to be done. It flagged that only 30% of UK businesses have a board member with responsibility for cybersecurity and a small 10% require their suppliers to adhere to any cyber standards. Lidington also said that the Government’s next announcement on their cybersecurity strategy for UK business is planned for some time this month.

Ray Rothrock, CEO of RedSeal and author of the book Digital Resilience, commented, “We commissioned this research to explore how prepared businesses are to continue operating during an attack. The number of high profile breaches has meant that 2018 has become the year where businesses are left wondering what more they can do to protect themselves, how to remain resilient, to keep operating and minimise customer damage. Our research highlights the fact that senior IT bosses want the UK government to direct more attention, money and resource to supporting their businesses in the face of cyberattacks.”

RedSeal’s research today, along with high-profile breaches such as those at Marriott and British Airways in recent weeks and months, has only highlighted the ever-growing need for more to be done in the fight against cybercrime. Two-thirds (67%) of those that had been attacked in the last year stated that this had resulted in a financial loss, 37% in a loss of customers and nearly half (43%) suffered damage to their reputation.

* An online survey was conducted by Atomik Research among 501 UK IT professionals, Director Level and above. The research fieldwork took place between the 13th and 19th November 2018. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides by the MRS code.