Why you need to double down on cybersecurity talent
Let’s rewind to July 2017. The seventh season of Game of Thrones was in full swing and Daenerys Targaryen had finally arrived in Westeros to claim the Iron Throne. But at the zenith of the dragon-scorched zeitgeist, disaster struck — HBO got hacked and the script of an upcoming episode was leaked online.
This high-profile hack wasn’t the handiwork of experts armed with state-of-the-art software and an unlimited budget. The culprits turned out to be a band of five hackers in India equipped with hand-me-down computers and makeshift IP hoppers.
So how did HBO — a multi-billion-dollar media network — fall prey to this 1.5 terabyte data breach? The company’s security protocols were soft, and it didn’t have enough redundant fail-safes.
A virtual wild west
As technology advances and the demand for global connectivity increases, hackers and phishers continue to run rampant. Attacks are carried out every 39 seconds and damages from cybercrime are expected to cost the world $6 trillion by 2021. For small businesses, this shakes out to $3.9 million per year while publicly traded firms suffer from an average loss of $116 million.
To make matters worse, the global pandemic has only aggravated the issue. Since the COVID-19 shutdown began, the FBI has reported a 300% increase in cyberattacks as companies shift to a work-from-home model and hackers target vulnerable networks.
The cybersecurity talent crunch
As businesses scramble to protect sensitive data and digital investments, the demand for cybersecurity experts is predicted to create 3.5 million unfilled jobs by next year. It has become increasingly challenging to find experts within the field due to a lack of resources with a keen understanding of network and software architecture, key access points and cyber defense.
But here’s the silver lining — companies that know which roles to prioritize and what certifications to look for have an opportunity to secure the talent they need to padlock their data, protect their assets and stave off cyberattacks.
Is your current hiring strategy aligned with global security standards to stay ahead of potential threats? Based on the trends we’re seeing in the cybersecurity space, here are four roles you should consider adding to your IT team: ethical hacker, Web application firewall (WAF) engineer, DevSecOps engineer and compliance engineer.
Ethical or white hat hacker
Black hat hackers typically operate with the goal of financial gain. Or in some cases, they’re just looking to wreak havoc and watch the world burn. They know how to bypass security protocols, write malware and steal, modify or destroy precious data.
But on the flip side, their white hat counterparts employ the same methods to help organizations hack themselves, probing for weak spots. They pinpoint and plug up cybersecurity holes before a malicious hacker breaks through the firewall. Often hired as contractors, ethical hackers get permission from the system owner to perform penetration testing and vulnerability assessments. If you’re looking to complement your team with a white hat hacker, make sure they have a Certified Ethical Hacker (CEH) license.
Web application firewall (WAF) engineer
While network firewalls serve as a safety gate between servers, WAFs are deployed in front of web applications to analyze HTTP traffic and block anything malicious.
Think of it this way. A network firewall protects a LAN network from unauthorized access, while a WAF provides protection from cyberattacks targeted at web servers. Both are important — they just focus on different types of security threats. Today, as more and more businesses convert their physical, on-premise infrastructures to the cloud, WAF firewalls are critical.
To design, build and manage the security infrastructure of your WAF firewall, you need the expertise of a WAF engineer. These security specialists are responsible for planning the overall technical approach, directing the installation of firewall software and hardware, troubleshooting issues, writing documentation and meeting compliance requirements.
Development, security and operations (DevSecOps) engineer
While WAF engineers focus on a specific aspect of cybersecurity, DevSecOps engineers zoom out and cover the entire gamut of the software project lifecycle. They need to know how security impacts each stage of the development pipeline, from initial design and build to rollout, maintenance and final product. Ultimately, a DevSecOps engineer can boost your bottom line by helping your organization update software faster and push out features sooner.
Finally, many companies are hiring compliance engineers to analyze risk management and protect highly sensitive data. As part of the quality assurance (QA) team, compliance engineers design and implement programs to reduce vulnerability and deliver insights on the level of risk IT systems are operating under. They regularly test and validate the IT infrastructure to make sure each product and platform meets cybersecurity safety standards.
Shoring up your cybersecurity solutions
With the evolution of virtual environments and mobile business resources, cybersecurity solutions are more necessary than ever to protect sensitive data. Poor configurations of these services — coupled with the sophistication and intuition of hackers — puts many organizations at risk of cyberattack or data breach.
Hackers are a known threat, but many businesses still fail to understand what steps they need to take to combat cybercrime. And with the advancement of Internet of Things (IoT) and connected devices — not to mention the acceleration of digitization due to the pandemic — this threat will continue to loom large for the foreseeable future.
Today, many IT positions have been forced to double as cybersecurity roles. This isn’t ideal. Splitting attention between cyber threats and day-to-day IT tasks is a recipe for weak security, and we recommend bringing on specialists to maintain a razor-sharp focus. While the cybersecurity talent crunch is making it difficult to find specialists with the perfect skillsets, the stakes have never been higher. With the right approach and the right expectations, you’ll be well positioned to safeguard your systems and protect your data.