By Alistair Hartrup, CEO Network Critical.
All of us rely on secure financial management systems. Whenever we do online banking, we trust that the server is safe from hackers. There is usually no need to ponder the system that protects our virtual finances, but these systems are always on high alert. One example, SWIFT, a leading provider of secure financial messaging services, is constantly under attack from sophisticated hackers.
In February, a breach took place by a group called Ordinaff, the Bank of Bangladesh lost $81 Million. Alain Desausoi, CISO at SWIFT commented at the Financial Times Cyber Security Summit, "We were surprised by the gap between the skills of the attackers and the cyber security practices in the banking industry." While the threat is the same worldwide, the necessary skills to manage them are not the same in all countries. The February attack was caught by an alert manager who noticed a typo in a transaction message. If not for that catch, this breach could have been in the billions of dollars.
The UK Government's Cyber Security Breaches Survey 2017 found that out of all the major sectors, finance and insurance are the mostly likely (90 percent likely) to prioritise and invest in cyber security. The report also found that financial institutions may suffer security breaches because of vulnerabilities in end-user systems. For example, if a client's email is hacked, the hacker could change the client's password and withdraw money using his or her online account. This further highlights the need for cyber security professionals on staff.
The financial industry is under persistent attack by cyber criminals who want to steal money, data, identities and more. If too many are successful, we risk the catastrophic failure of our digital financial system. More than 90% of the money in the world today exists only as bits on computer servers. These servers must be monitoring, managed and secured. To protect our economy, trustworthy cybersecurity systems need to be in place. To maintain a viable system, the industry must close the skills gap between its employees and the hackers.
Organisations across the United Kingdom are weighing in on cyber security reports and revealing the troubles that they face in securing the right talent. According to the 2017 Global Information Security Workforce Study, two-thirds of UK organisations find themselves without enough employees to properly handle cybersecurity threats for 6 months at a time.
Often, these organisations are never able to find and retain the needed expertise. By 2022, it is expected that there will be a skill gap of 350,000 workers in Europe: and not only Europe is suffering. According to a McAfee global study, 71 percent of employers say that the shortage of essential cyber skills in their company is inflicting calculable damage. These figures tell us that harm will be done not only to individual organisations, but to society if the cyber skills gap is not filled.
Why are people with cyber skills so difficult to find and keep? After all, companies offer competitive salaries and benefits to those who can work to protect their data. Furthermore, heavy coverage of ransomware attacks like WannaCry and Petya publicise the need for more cybersecurity professionals. Well, 55 percent of organisations seek employees with hands-on cybersecurity experience.
However, most companies do not want to risk giving new recruits the chance to tackle legitimate threats to their businesses. With one generation of cyber security professionals ready to retire, more and more UK organisations are heading towards the looming cyber skills gap with not enough new talent to fill it. Experts recommend that organisations invest in training and certifications and foster talent from within.
Network security expertise is also highly valued by employers, with twice as many job postings as mobile security roles. Employers also seek those who have experience with network packet analysers, and analysis of large sets of unstructured data to find trends and anomalies. Financial networks around the world are deploying intelligent network monitoring devices; these are coupled with Data Loss Protection, Intrusion Prevention and abnormal activity search; block appliances are being deployed by multiple security appliances.
Security appliances are being connected by TAPs and Packet Brokers to provide robust protection without impacting network reliability or availability. Yet no matter how advanced our technologies become for example here at Network Critical we are constantly evolving our product solutions to automate and make the job of the security or network manager easier providing 100% network visibility for the IT Security, Network Monitoring and Network Infrastructure teams.
That said cyber security and network skills are still needed if we are going to vigilantly protect our critical infrastructure. So how do we resolve the issue? It will take time and there is no silver bullet in answer to the question. We need to provide cyber skills and network training and opportunities to the next generation, we need to make the profession an attractive option within schools and universities and to work with education as well as the industry or we risk the collapse of services that we all depend so heavily upon.