Cyber-attacks are dominating the headlines, and the recent development in sophisticated malware proves that attacks have the potential to destroy the reputation and standing of established businesses. Take the TalkTalk attack, for example, which is the third such attack in the past year, and which has further damaged the company’s reputation for looking after its customers’ data.
Online criminals are developing complex viruses at an astonishing rate. The latest Dridex malware has already cleaned out $100m from the banks, and even more online heists are set to hit British banks in the run-up to Christmas. From social networking sites to complex banking systems, it seems that no industry is safe. Companies have been aware of these threats for a while, but they still need to take significant steps to protect themselves and upskill their workforce, especially with a recent study placing the average cost of a cyberattack at $15 million per organisation.
The most vulnerable point of access to any company is its employees. Whether it is a piece of software that hasn’t been recently updated, or an employee’s mobile phone or smart watch, each of these represents a potential access point into the corporate network. Even with simple things, like logging onto public Wi-Fi networks with a company laptop or smartphone to stream the latest episode of Homeland, employees are putting an entire organisation’s IT infrastructure at risk. IT security shouldn’t just be the priority of the CSO or IT department; it should be a priority for all, from the CEO to the receptionist.
This is where the skillset of ethical hacking can make a real difference to a business. Ethical hacking is essentially where someone uses the techniques of a malicious hacker to identify the weak points in an organisation’s cybersecurity, and uses that knowledge to improve its defences. However, ethical hacking doesn’t just cover this kind of penetration testing. With the right skills in place, ethical hackers can advise businesses on all aspects of digital security, and make the organisation much more resistant to attacks.
This advice can range from showing programmers and app developers how to make their code harder to hack, to providing other members of staff with advice on choosing passwords that are harder to guess, or how to not fall for phishing emails. It’s clear that having access to a qualified ethical hacker is becoming an increasingly important part of how firms protect themselves from malicious external attacks. Google even has its own team of dedicated ethical hackers, and rewards people who spot vulnerabilities in its products, as it did with a Russian hacker who spotted a flaw in YouTube.
According to Pluralsight author and industry expert Dale Meredith, there is currently a massive skills gap in this space, with the Information Systems Security Certification Consortium (ISC2) claiming there will be a shortage of 1.5 million trained professionals by 2020. Clearly, given the growing importance of security and ethical hacking as a skill set, this is a worrying trend, and could leave many businesses more vulnerable to attacks. However, as ethical hacking as a concept becomes more widely known, there are greater opportunities for upskilling IT staff already in the organisation, and recruiting new employees that have these skills.
This is where the IT department can empower all staff to protect the wider business. The first step is ensuring existing staff have the right tools and learning programmes available to upskill on ethical hacking. While there are a number of training courses out there, it’s not enough to just send someone on a day-long course. Ethical hacking is a constantly changing area, and it is far more effective for learners to have access to an online course where they can keep refreshing their knowledge as new threats emerge. At the same time, this on-demand approach much more closely matches how IT professionals want to learn – learning at their own pace in any location.
Security shouldn’t end with the IT department, which can play a role in creating more awareness by working with HR to bridge the knowledge gap. As PwC revealed in a recent study, 34 per cent of compromises in an organisation’s cybersecurity originate from employees themselves, whether maliciously or not. As a result, it is critical for every employee to know how to prevent themselves from putting the company at risk, whether it is through a weak password, clicking on an unsafe link or using an unauthorised personal device in the office.
The problem of cyberattacks isn’t going away – in fact it is intensifying as an increasing amount of data and systems is digitised on an organisation’s networks. It’s only by fully understanding the threat and ensuring everyone has the necessary skills and knowledge that a business can protect itself from the threats that cyberattacks represent.