Fortra. 3 Reasons to Be Optimistic about the Future of Cybersecurity

Being in the cybersecurity industry, you get visibility into a lot of negativity. This includes things like the latest high-profile organization to suffer a ransomware attack, a breach where some ridiculous number of identities get exposed, or the introduction of some new criminal organization. Despite the prevalent negative discourse in cybersecurity, various factors like education, shifting priorities, and collaboration offer credible reasons to be optimistic about the field’s future.

Education Closes the Cybersecurity Skills Gap

It’s no secret there is a workforce gap, and the number that gets thrown around regularly is somewhere between 3 and 4 million unfilled cybersecurity jobs globally. According to the ISC2 2022 study, this number is 3.4 million, representing a 26.2% increase from the prior year. This means that globally, the gap is widening.

However, when broken down further, we can see examples of closing this talent gap, and education plays a major role in that. For example, the LATAM market closed its workforce shortage gap by 26.4%, which is driven largely by cybersecurity-specific post-secondary educational programs implemented in the past few years. And this is not the only example.

Cybersecurity and STEM are being introduced into the grade school curriculum at an earlier age. These kids are being taught foundational elements. Having them reinforced during their school years will help create security-aware citizens and professionals who enter the workforce. This level of awareness will also reduce successful social engineering and phishing attacks in future years.

Higher education is embracing cybersecurity as well. Vendors are working with colleges and universities to create programs and internship opportunities that count towards graduation. This solid foundation of coursework and experience will be desirable for employers as these students can ramp up quickly.

Finally, governments and transnational institutions have also embarked on a mission to educate their workforce. The European Commission launched the Cybersecurity Skills Academy, and the U.S. Government unveiled the National Cyber Workforce Education Strategy. I expect other regions to follow suit and invest in similar workforce development programs to address the cyber workforce gap and the evolving cyber threats.

A Culture of Collaboration

A few years ago, I had the privilege of working with two former CISOs, one from a large financial institution and the other from a major telecom company. I learned a lot from them, and what struck me the most was that both collaborated with their peers from rival companies. At first, I was skeptical, thinking that working with competitors was counterintuitive, given that we all compete for the same audience and business.

However, they explained that although their companies competed commercially, they faced the same cybersecurity threats and challenges. The CISO from the financial institution mentioned that he had a monthly meeting with CISOs from other financial institutions. The CISO from the telecom company said that he also had a similar collaboration with his counterparts, and this kind of partnership significantly improved everyone’s overall security posture.

Fast forward to this year at RSA, the theme was “Stronger Together”. There were lots of sessions around collaborating in new ways, which may sometimes be uncomfortable but is required as we all fight the same cyber adversaries. For example, Fortra collaborated with Microsoft Digital Crimes Unit and Health-ISAC earlier this year to help take down malicious actors. Each organization was working independently to fight ransomware gangs around the world. However, by joining forces, we have identified and taken down malicious infrastructure these gangs use to distribute ransomware.

As my colleague Josh Davies, principal technical manager at Fortra, notes, “Security is not a challenge we solve in isolation. We all face common threats, and every successful breach may result in the re-investment of ill-gotten gains, only making the threat more difficult to tackle. Collaboration is key, and organizations and security vendors/specialists alike have shown positive steps in sharing resources, experiences, intelligence, and best practices.”

Moving Beyond Security: Cybersecurity Resilience

It is a well-known fact in the cyber community that there is no such thing as 100% prevention. However, stakeholders and executives in the corporate business domain have struggled to comprehend this concept. With the increasing recognition of cybersecurity as a credible business risk and a top priority for all board members, business leaders have come to realize that organizations need to be prepared for the inevitable. This means that companies must be able to withstand and quickly recover from an attack.

As a result, organizations have shifted their focus from trying to keep all threats out, hoping prevention has worked, to establishing detection and response strategies that can identify a compromise before it progresses to a news story with a data breach or ransomware extortion.

This wider acceptance can be seen in regulations like DORA, which lists resilience as the ability to both withstand AND quickly recover from a successful attack. In fact, organizations with a mature detection and response program can actually come out of a compromise with minimal impact and a stronger security posture after performing mitigations, ultimately emerging more secure than they were before the compromise.

The EU Cyber Solidarity Act is another example that aims to address this issue by creating cross-border security operations centers throughout the EU. These centers will detect and respond to large-scale attacks, making it easier for businesses to recover from such incidents.

Source: Fortra