New cyber security challenges What you need to know - Viewpoint - careers advice blog Viewpoint careers advice blog

New cyber security challenges What you need to know - Viewpoint - careers advice blog Tackling cyber crime has become one of the most important challenges businesses face. According to Symantec’s 2016 Internet Security Threat Report, the company discovered 430  million new pieces of malware last year alone. In the UK, two thirds of big businesses experienced cyber attacks in the same time frame. New types of attack are being dreamt up with increasing degrees of sophistication, and organisations are particularly worried about ransomware â€" malicious software that locks or encrypts documents on a computer and demands a ransom to unlock or decrypt it. But what have these changes meant for organisations? The language has changed Most businesses have long been aware of the evolving nature of attacks, but even the lexicon has changed. It seems everyone is now talking about cyber crime, yet it’s not that long ago that the focus was on IT security. This may seem like a subtle change, but Siân John, EMEA Chief Strategist at Symantec, says it is a reflection of the growing expertise on both sides of the fight. “You can see in the explosion of malware, as well as the targeted attacks, that we’ve witnessed the ‘professionalisation’ of cyber crime. You have extremely sophisticated nation-scale attacks at one end, but you’ve also got the mass-market, mass-money-producing criminals taking out smaller companies at the other end,” she says. Company-wide understanding is vital Kok Yew Toh, Senior Manager â€" IT Security and Assurance, Prudential, says that businesses are trying to action behavioural changes in staff to decrease the likelihood of attacks to start with. “Hacking technology and methods have advanced, so simply looking at locks is no longer safe,” he says. “Security has gone from a process of monitoring and detecting to preempting responses. Cyber security has changed in terms of speed and mentality and has  become more about cultural changes.” In practice, this means that educating staff about cyber security risks may need to involve the HR function as well as the IT team. Ideally, the two should work together to identify the key threats and then develop internal training programmes so that all staff understand the risks and how to avoid them. Problems must be anticipated earlier The changing approach to cyber security has driven a demand for those who can manage and assess risk, as much as build ways to combat it. Toh says industry needs strategic thinkers more than coders. “Right now, we are not looking for cyber security engineers, we are looking for cyber security professionals. There is a big difference,” he says. “Engineers will look to fulfil the baseline requirements for the industry; professionals will look at the baseline and ask if it is appropriate for their own business processes. If it isn’t, they will ask if they can make another baseline for their processes. We’re not looking for firemen any more, we’re looking for people who can anticipate how the fire will happen.” Cyber security professionals might come from new talent pools With many businesses facing a skills shortage in these areas, it could be time to look further afield than those specialising in development. John says that the right attitude will see the raw skills develop naturally. “You don’t need a degree in cyber security, which is what many businesses ask for. You can get people from the general IT department or people with history degrees or people who have been engineering apprentices, and give them on-the-job training.” Strategic understanding is vital The necessary skills continue to evolve. Many businesses, particularly in the financial services sector, have a huge number of security systems, producing vast numbers of reports. The new challenges come from organising teams to analyse these pieces of information as one, and then acting on them accordingly. Toh says the cyber security professional of the future will need to find ways to combine team skills and form strategy accordingly. “This is one of the biggest issues for cyber security right now. Engineers can’t do that because they’re looking at the details, the ones and zeroes. The management person can’t do that because they aren’t familiar with the technology. That’s why management should have the skills to leverage the people working for them to come up with methods to correlate this information, so that managers have a more holistic picture of the state of the company’s security.” If you enjoyed the above blog  then you might also appreciate these other articles, which also  originally appeared in  previous issues of the  Hays Journal: Five ways to give staff a sense of purpose A complex relationship The fruits of knowledge Training at the top How high tech cities are boosting productivity and attracting talent Establishing an effective middle management tier Managing external resources Four pillars of people Find out whats inside the latest Hays Journal issue: View the Hays Journal online or request a printed copy from haysjournal@hays.com