Globally, digital transformation continues at an incredible pace, as organizations strive to leverage emerging technologies to give them a competitive edge and secure advantages including better efficiency, productivity and experiences for customers.
The scale of transformation is huge: figures published by Statista indicate that spending on digital transformation technologies and services worldwide is projected to climb to 2.51 trillion USD in 2024, and 3.4 trillion USD in 2026.
Though the adoption of digital technologies carries potential benefits for businesses, as many organizations have found to their cost, it can also open the door to significant risks, in particular, in the form of serious threats to cyber security.
This danger has been underlined in recent weeks, as major global brands found themselves the subjects of a cyber attack in which hacker gang Clop infiltrated UK businesses such as the BBC, US-based investment firms, European manufacturers and US universities. This kind of attack is unfortunately all too common.
Cybercrime is a growing challenge: research from Statista indicates that in 2022, around the world, four in ten internet users experienced cybercrime, with India, the U.S. and Australia topping the chart.
The evolving threat landscape
Cyber threats that businesses face are not static and evolve constantly. Attackers constantly adapt their tactics, employing sophisticated techniques such as ransomware and social engineering to exploit vulnerabilities and achieve data breaches in digital systems. Successful attacks can lead to prolonged service disruptions, financial losses, and reputational damage. To counter, businesses must adapt their cyber security measures, and deploy advanced technologies to detect and mitigate emerging threats effectively.
How should businesses resource the challenge of understanding, mitigating and responding to cyber-attacks, to protect their critical assets?
For many businesses, the best approach is one that bolsters in-house expertise with specialist external services that can be activated as needed. Here we explore some of the considerations for businesses as they seek to create the right blend of support.
A challenge compounded by skills shortages
Businesses need access to a highly skilled cybersecurity workforce capable of navigating complex technological landscapes. Unfortunately, for many, finding the talent they need is not straightforward. The demand for cyber security professionals with expertise in emerging technologies often exceeds the available talent pool, meaning businesses face challenges in recruiting and retaining top talent.
In fact, globally, the cybersecurity workforce gap has increased by 26.2% compared to 2021, with 3.4 million workers needed, according to the (ISC)2 2022 Cybersecurity Workforce Study, Even with the right talent in place, attrition is an issue: the day-to-day work of delivering protection for a business can be labor-intensive and often falls outside the scope of a business’s core competencies.
Additionally, we know that worldwide, there tends to be high attrition for in-house analyst roles – sometimes with a turnover as short as 6-12 months – because of the intense nature of the work.
How can businesses respond to these challenges? Effective ways forward include bringing in specialist advice and consultancy, collaborations with external experts to bridge the expertise gap effectively with select managed services, strategic investments in training programs, and partnerships with educational institutions. and.
The right external support is highly skilled and cost-effective
Many businesses, especially if they are global, provide round-the-clock services to end users, and as such they need to be able to draw on security support 24 hours a day, 365 days a year. To achieve this in-house requires staffing several full teams, plus management. In this context bringing in external experts for specific managed services, such as monitoring and investigations, incident response and SECOPS (security operations) can make sense.
This approach can enable businesses to access the very best, and most current expertise, and, in tandem, achieve cost savings as they can deploy this high-quality resource purely as required. On-demand cyber security teams, ready to respond immediately when an incident occurs – for example stepping in to isolate a malware attack before it spreads – immediately enhance a business’ protection levels.
Vet, vet and vet again
Cyber security is a fast-moving field, and businesses seeking to complement in-house expertise with plug-and-play specialist external support must do careful due diligence to ensure the partner they select has the skills and expertise required for their specific context and challenges.
It is not uncommon for contracts to be agreed upon, only for businesses to find that precise requirements in fact cannot be met. This is not an area where businesses should take chances on the quality of support they choose: that means in terms of the technical expertise on offer, the quality of the partnerships and products provided, and any off-site facility’s operational reliability.
Businesses and governments need quality across the brand
Facilities such as Cytek’s new Security Operations Centre (SOC) in Lagos, Nigeria, can offer businesses and government entities the peace of mind of access to a full team of cyber security experts in an SOC backed by Microsoft’s industry-leading AI-enabled Sentinel platform.
More than that, it is a facility that offers 24/7 security, three generators for redundancy and diesel storage for up to 20 days backup. It is these details, alongside being just one part of an intercontinental ‘follow the sun’ network of professional cybersecurity expertise that differentiates quality support that businesses and governments can truly rely on.
Having confidence in the suite of products used by outsourced managed security services is key for any organization. Cytek has chosen Microsoft’s Sentinel platform because its AI-powered technology can pinpoint and investigate cyber threats faster than human capability, which then enables the SOC’s cyber security experts to devise and implement mitigation much more quickly. Cytek also uses Microsoft’s Defender, part of the XDR family of products for endpoint security.
With these products and the right specialist support, organizations can prevent, or address very rapidly, the types of attacks we have seen affecting global brands in recent months.
Tailor training effectively for full return on investment
Taking a strategic approach to identify and home in on specific gaps in training can help build cyber resilience, as well as instill more loyalty across the team, and ensure investment is targeted exactly where it is needed. This approach requires longer term planning, but with the right specialist input around digital upskilling, businesses can map precisely which skills are required and where, and design training and development programs to build capability and fill these gaps.
A challenge many organizations find hard to get to grips with is the fact that cybersecurity training cannot just be targeted at developers and high-end engineers, but must include regular colleagues in roles across the business. Specialist training, such as that provided by Elev8, gives personnel across an organization the awareness they need to help keep operations safe. We know this is effective: as detailed in Microsoft’s Microsoft Digital Defense Report 2022, basic security hygiene protects against 98% of attacks.
The right blend of support is different for every business
With cybercrime on the rise, and though all businesses face similar challenges in this regard, how each approaches monitoring and responding to that threat will be unique to them, depending on the available talent pool in their specific region, and size and preparedness of their own team.
Successfully protecting themselves will be down to a blend of the right training for existing team members, creating an attractive environment to attract and retain skilled staff and drawing on specialist external support where required.