Columnists

More investments will keep threats of cybersecurity at bay

cyber

Cybercrime is getting real and its impact even bigger. A recent Norton Cybercrime report by Symantec provides some startling statistics. There are 1.5 million victims of cybercrime every day, which translates to 18 victims per second!

As if that’s not enough, there is a shortage of cybersecurity talent globally. This lack of trained personnel has exacerbated the already difficult task of managing cybersecurity risks, leaving many businesses vulnerable to attacks.

Many governments and organisations are living with this scary reality. A global study by Intel Security, in partnership with the Centre for Strategic and International Studies (CSIS), reveals a cyber security talent crisis in even developed economies like Australia, France, Germany, Israel, Japan, Mexico, US and the UK.

The annual cost of cybercrime is estimated at a whopping $110 billion. Indeed, a 2017 IBM survey of 419 companies in 13 countries shows that the average total cost of a data breach is $3.62M and cost per lost or stolen record is $141.

While the highest number of cybercrime victims are found in Russia at 92 per cent, followed by China at 84 per cent, and then South Africa at 80 per cent, the threats have recently been growing in Africa, and specifically Kenya, targeting individuals, corporates, and more so financial institutions as well as government.

Incidentally, cyberattacks are perpetrated by state actors, organised groups, rival firms, criminals looking for financial gain, amateur computer criminals, disgruntled employees and contractors.

Business have little option but to elevate cyber security to a board-level agenda item. The threat of cyber warfare conducted by various actors such as business rivals is real and managers need to rise to the challenge or risk having their intellectual property compromised.

Governments and companies stand to lose big to cybercriminals if they don’t increase their investments in cyber security training. In fact, the global shortage is responsible for direct damage to organisations whose lack of talent makes them more desirable hacking targets.

Efforts by higher learning institutions like ECU, which is working on a comprehensive cyber security teaching and research programme should be supported by both private and public organisations. It’s about time more universities enhanced academic programmes in cybersecurity ranging from degree to PhD level.

With the increase in cloud, mobile computing and the Internet of Things, as well as advanced targeted cyberattacks and cyberterrorism across the globe, the need for a stronger cybersecurity workforce is critical. Many systems used in today’s industries are insecure because they are built to work using technology that is 30 to 40 years old.

Since cybercrime has become a service for sale, companies need a pool of experts to counter the ever-sophisticated mechanics developed by the criminals who are now in big business. Companies well prepared should be able to analyse threats and respond to them before they happen. By the time an alert is reported, the attack has already happened and is often too late to do anything about.

Thus, companies need professionals who can respond quickly and ensure the systems in place detect and fix the threats. If this international skills shortage continues by 2020, majority of digital businesses will suffer major service failures due to the IT security teams’ inability to manage digital risk.

Countries and companies can reverse this shortfall in critical cybersecurity skills by increasing expenditure on education, promoting gaming and technology exercises, and pushing for more cybersecurity programmes in higher education. The Internet of Things, which is estimated to grow to 20 billion devices by 2020, presents an interesting business opportunity, but also makes the threat landscape much larger and more complex.