One of the biggest cyber security issues faced by global networks is the shortage of qualified IT staff to deal with cyberattacks, a situation which is only set to intensify if left unaddressed, according to GlobalData, a leading data and analytics company.
GlobalData’s Job Analytics database reveals that there were over 55,000 vacant cyber security related jobs in the US alone during September 2021, an increase of 6.5% on the previous month. Cyber security jobs are also being filled at a slower rate than they are being created. On average these positions remain unfilled for 43 days in the US compared to the countries overall job vacancy fulfilment of 37 days.
The types of cyber security jobs that are most in demand across the globe are software and web developers, programmers and testers, database and network administrators and architects, and computer and information analysts. In Jan 2020 global vacancies for software and web developers, programmers and testers stood at 7,754. By September 2021 vacancies had reached 25,293 jobs a significant increase of over 44%. Specific roles that are most in demand include forensics, cyber automation engineering, SOC analysis, cloud network architecture, consulting on advanced threat solutions, and cyber security analysis.
GlobalData’s latest report, ‘Thematic Research: Cyber Insurance 2021’, reveals that the complex and diverse nature of cyber risks has led the insurance industry to encourage businesses to proactively manage their cyber risk to prevent cyberattacks happening in the first place. The report estimates that there is a total of 5.2 million UK SMEs without cyber insurance, 80.0% of which are sole traders and 17.4% are micro-sized enterprises. Many of these businesses are not proactively managing their cyber risk, creating further access points within supply chains and networks for cyber criminals.
Emilio Campa, Thematic Associate Analyst at GlobalData, commented: ‘‘The bigger companies are paying the higher salaries and attracting the few skilled workers that there are. This means that smaller companies are under-resourced and at greater risk of experiencing a cyberattack. Another factor here is that the larger companies go on to develop security solutions that require a high level of information technology (IT) skills to implement, and the only companies that have people qualified to implement these solutions are those same larger companies."
Ransomware attacks are becoming more frequent and high profile, and the amounts that are both being demanded and paid are increasing. Since critical infrastructure is integral to the functioning of all societies in the developed world, companies that are hit by ransomware attacks are more likely to pay up to ensure services are not disrupted for very long.
Campa continued: “This makes critical infrastructure a target for continued attack and a source of recurring revenue streams for cyber criminals. Governments generally oppose companies paying ransoms, but companies often feel that they have no other option.
"Ransomware attacks are highly lucrative, and they will not reduce in number without carefully thought-out government intervention. There are more connected devices on the planet than people which makes implementing effective cyber security measures particularly challenging especially with the convergence of operational technology (OT) and IT."
The facilitation of data exchange between OT and IT offers greater business benefits such as enhanced operational efficiency, reduced costs, improved decision-making, and a better customer experience. However, it also introduces significant risk since the interconnection of OT and IT produces a larger network surface for cyber criminals to exploit. For example, the February 2020 attack on a gas compression plant in the US occurred because the perpetrator was able to jump from the facility’s IT network onto the operational network with reports suggesting that an employee may have mistakenly clicked on an email link.
Campa adds: “Unless security solutions become simpler to implement and companies are able to recruit the cyber security professionals that they need, critical infrastructure will remain at high risk and a lucrative target for hackers.”
Information based on GlobalData’s reports: ‘Thematic Research: Cyber Insurance 2021’ and ‘Thematic Research: Internet of Things’