Lack of skilled cyber security staff ‘hampering firms’
Many businesses are facing an uphill battle when they attempt to tackle cyber crime within their organisations. Digital attacks are becoming increasingly sophisticated, and enterprises are often playing catch-up in the race to protect their systems from evolving threats.
A recent KPMG and BT report revealed that senior managers are taking these problems seriously: nearly three-quarters discuss cyber security in board meetings at least once a quarter.
However, just 22 per cent said they were fully prepared to tackle organised cyber crime. This was despite 97 per cent of businesses admitting they had been victims of such attacks in the past.
One of the biggest issues that organisations must overcome is a lack of qualified cyber security experts within their ranks. Forty-five per cent of respondents said they didn’t have the skills or the people to handle a modern breed of online criminals, while 46 per cent blamed legacy IT systems.
“Talking generically about cyber risk doesn’t deliver insight. You need to think about credible attack scenarios against your business and consider how cyber security, fraud control and business resilience work together to prepare for and deal with those threats,” said Paul Taylor, head of cyber security at KPMG.
“If that’s done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world.”
Clearly, C-suite executives need to strengthen their internal processes and structures to defend against cyber threats – and hiring professionals with the right skills and experience is a crucial piece of the puzzle.
The need for in-house expertise
According to the BT/KPMG report, businesses are beginning to hire more chief digital risk officers (CDROs) in strategic roles.
Over one-quarter of respondents confirmed they have appointed someone to this type of position, while security roles in general are being examined more closely to assess accountability. The most important qualities businesses expect in their in-house security staff are agility, responsiveness and trustworthiness.
Meanwhile, 94 per cent of those polled said an over-reliance on third-party providers for their security needs was problematic. A large majority of firms outsource most of these processes, including the investigation and resolution of incidents, to other companies.
“With cyber crime continuing to escalate, a new approach to digital risk is needed – and that means putting yourself in the shoes of attackers,” stated Mark Hughes, chief executive officer of security at BT.
“Businesses need to not only defend against cyber attacks, but also disrupt the criminal organisations that launch those attacks.”
BT and KPMG encouraged more organisations to share information in an effort to thwart cyber criminals. Financial institutions and telecoms providers, for instance, could benefit from exchanging intelligence to prevent SIM card fraud.
This crime involves fraudsters convincing a telecoms company that a phone has been stolen and asking it to transfer a legitimate user’s number over to a new SIM. The fraudster can then reset passwords and intercept messages meant for the victim, thus gaining access to important financial information and bank accounts.
Ultimately, businesses must do more to protect their systems and customers from cyber crime, otherwise they risk significant financial and reputational damage. Large-scale data breaches both in the UK and abroad over the last two years have emphasised how even the biggest businesses can fall victim to shrewd attacks.
Employing cyber security professionals with the right expertise is therefore crucial, not only to tackle existing threats but also to future-proof organisations against problems that could occur further down the line.