2024 is coming to a close, and it’s as good a time as any to reflect on the year we’ve had in cybersecurity. It hasn’t been the easiest ride – just earlier this year, the Department for Science, Innovation and Technology reported that a staggering half of businesses had experienced some form of cybersecurity breach or attack in the last 12 months. And according to ISACA’s State of Cyber research, 41% of European cybersecurity professionals reported that they are experiencing more cyberattacks when compared to a year ago.
And we’ve seen it in real time. This year, we’ve witnessed attacks on national infrastructure, major outages that impacted millions of people around the world, and the cost of cybercrime going up to trillions of dollars.
It is undeniable that our physical and digital worlds are intertwined now more than ever, and that we rely on digital services for much of our day-to-day lives. We’ve felt the consequences of these kinds of digital disruption, whether it’s been a minor inconvenience or a major disturbance. We’re entering a new era of cyber threats – a digital pandemic.
What is a digital pandemic?
These cyber incidents can best be described as a digital pandemic – in which a single hack or point of failure spreads through critical infrastructure and shuts it down, impacting thousands. Or, in some cases, millions. Just like a medical virus, cyberattacks can appear and rage on at alarming speed – crossing borders, crippling critical infrastructure, and impacting individual lives on a global scale.
Our digital ecosystem is highly interconnected, and many organisations and businesses depend on long and complex supply chains. A single vulnerability within a supply chain is enough to rip apart entire networks and leave devastating consequences in its wake.
Planning makes perfect
This increasingly complex and interconnected digital world that we have built is, as it stands, a gateway for these kinds of attacks to happen. With this in mind, all organisations and businesses must have a robust, holistic response and recovery plan in place. Detection and response should be valued just as highly as protection and prevention, and the right systems and measures should be in place ahead of time so that staff can move quickly when things go wrong to minimise the damage and disruption. Being reactive is simply not enough when it comes to cybersecurity. Businesses must be on the front foot and prioritise cybersecurity in order to be best protected and stand the best chance of recovery.
Technology alone won’t do
But investing in the right technology isn’t the be-all and end-all of cybersecurity. In fact, it doesn’t mean much at all without appropriately trained and skilled staff in place to implement processes.
However, putting this into action is made significantly harder by the fact that there is a sizable skills gap in the UK and beyond – ISACA’s latest report found that 61% of European cybersecurity professionals say that their organisation’s team is understaffed, and a recent government report estimates that around 44% of UK businesses have a basic cyber skills gap. This means that in those businesses, the employees responsible for cybersecurity lack the confidence to carry out basic cyber tasks.
It’s time that the government and businesses alike start taking cybersecurity more seriously. The right steps are being taken by the government to prepare the workforce for the digital pandemic, and we can expect these to increase through legislation such as the Cyber Security Resilience Bill. But organisations need to play their part too, and the first step is acknowledging the worth and importance of having a trained and skilled workforce that can be nimble and fight cybersecurity challenges head on.
And there is no ‘right person’ that businesses should be looking to hire. Cybersecurity professionals should be from all walks of life, despite the misconception that they should typically be solely technical-minded and have certain skill sets or personality traits. In fact, according to ISACA’s research, 52% say that soft skills are lacking the most amongst today’s cybersecurity professionals. These soft skills can be anything from communication skills to problem-solving and critical thinking skills.
This just goes to show that there is not a set personality type that fits into a cybersecurity role. These jobs should be open to everyone, and it’s on businesses to make job roles more appealing and inclusive.
Prepare ahead of time
Once the right people are filling cyber positions, much like with a medical pandemic, these professionals must come together across businesses, sectors and borders to share learnings. And where cybersecurity attacks affect companies and individuals on an international scale, staff must come back together and coordinate responses.
For businesses to remain protected and be in the best position to respond to any kind of incident, cyberattacks must be acknowledged and accepted as a legitimate and rising threat. We’ve seen that this digital pandemic has the potential to disrupt life as we know it, even if only for a matter of days. But every second counts when responding to a cyber threat, and only with investment in the right people, process and technology will any kind of business stand a chance at recovery.