Skills shortage a major cyber security risk for small businesses

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

Cyber security skill shortages remain a major risk to small businesses who are still struggling to defend against cyber breaches, an new survey shows.

The proportion of information security professionals who feel organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18% in the past three years, the survey by not-for-profit industry body, the Institute of Information Security Professionals (IISP) has revealled.

Security industry leaders are increasingly putting emphasis on cyber resilience based on good detection and response capabilities, rather than relying mainly on defence technologies and controls.

“These results reflect the difficulty in defending against increasingly sophisticated attacks and the realisation breaches are inevitable – it’s just a case of when and not if,” said Piers Wilson, director at the IISP.

“Security teams are now putting increasing focus on systems and processes to respond to problems when they arise, as well as learning from the experiences of others.”

When it comes to investment, the survey suggests that for many organisations, the threats are outstripping budgets in terms of growth. The number of businesses reporting increased budgets dropped from 70% to 64% and businesses with falling budgets increased from 7% up to 12%.

According to the IISP, economic pressures and uncertainty in the UK market are likely to be restraining factors on security budgets, while the demands of the General Data Protection Regulation (GDPR) and other regulations such as Payment Services Directive (PSD2) and Networks and Information Systems Directive (NISD) are undoubtedly putting more pressure on limited resources.

The survey report highlights the problem of skills shortages with the proportion of respondents reporting a dearth of skills as a challenge growing to 18%, up from just 8% in 2015.

While acting as a potential brake on capability, the skills shortage is also driving job prospects year-on-year, reflected in a growth of respondents in all the higher salary bands and in those reporting good job and career prospects.

“This year’s survey further highlights the continued need for industry, government, academia and professional bodies like the IISP to continue to work to resolve these shortages in skills across all levels and disciplines,” said Amanda Finch, general manager at the IISP.

“We have seen AI and machine learning used in defensive security systems for some time and this is now starting to become part of a wider automation approach,” said Wilson. “But like the IoT, AI can also be exploited by cyber criminals, so we need to have the people and technologies to respond and mitigate these emerging risks.”

The IISP represents more than 8,000 individuals across private and government sectors, 41 corporate member organisations and 22 academic partners.

As well as surveying its members, the IISP opened the survey up to non-member security professionals, representing a wide range of ages, experience and industry sectors.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139

Poor data handling is effecting business sales

The failure to protect customer data is creating sales problems for businesses.

The failure to protect customer data is creating sales problems for businesses.

According to a survey by security firm RSA some 90% of respondents said they were concerned about their personal data being lost, manipulated or stolen.

Monetary theft (74%), identity theft (70%) and having embarrassing or sensitive information made public (45%) were the biggest data security concerns. More than a third (36%) also fear being blackmailed with stolen private images or messages.

Some 84% of UK respondents and 81% of Italians listed security information as a concern, both higher than the global average, while German respondents expressed the most concern about genetic data, US respondent were the most concerned about location data.

As a result, 78% said they try to limit the amount of personal information they share and 49% have falsified information online in an attempt to protect themselves,

More importantly from a business point of view, 62% of consumers said they would blame the company involved above anyone else, even the hacker had exposed their personal data.

With 78% saying a company’s reputation relating to its handling of customer data made an impact on their buying decisions.

In fact, an average of 69% said they have or would boycott a company that showed a lack of regard for protecting customer data, with 82% of UK respondents saying they do so.

Some 60% of all respondents said if they hear that a company has been selling or misusing data without consent they will avoid handing data over to them, and 58% said if they know a company has been mishandling data they are less likely to buy services from them.

RSA said “With more than half (54%) of respondents less likely to buy from a company they know has been mishandling data, and 62% inclined to blame the company above anyone else if data is lost, it’s clear consumers are ready to vote with their feet against organisations that fall short of their expectations.”

“The financial and reputational damage of a data breach in 2018 could be devastating.”

The research further underlines the business benefit of ensuring customers’ data and privacy is protected. More than half (53%) of respondents said they were more likely to shop with a company that could prove it takes data protection seriously.

Consumers clearly understand the value of their personal data and, while there may rightly be occasions for caution, they are willing to part with it under the right circumstances.

After the compliance deadline for the European Union’s (EU’s) GDPR on 25 May 2018, RSA Security predicts that organisational privacy and data protection failings will become even more transparent because businesses will be forced to disclose any breach of the regulation.

Under this microscope, the security firm recommends that organisations must think of the wider business impact of privacy and data protection, while also understanding how to work within the GDPR to their advantage.

The research report points out that the GDPR will affect all companies that handle EU citizens’ data, including US cloud providers and businesses in post-Brexit Britain.

So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email assist@cyber139.com or complete the form on our contact page NOWContact Cyber 139