Spotlight on leadership and cybersecurity in changing times

Metin Mitchell, Managing Partner, and guest contributors

Insights


Cybersecurity skills shortage – we are trying to solve the wrong problem
Tuesday, 19 June 2018 06:00

Cybersecurity skills shortage – we are trying to solve the wrong problem

Written by Metin Mitchell

There is a global shortage of cybersecurity skills, yet cybersecurity is the fastest growing and most pressing business issue for most corporates.

In all the solutions offered to solve this problem, I don’t believe they are going to help corporates within the timeframes needed – and actually I don’t think they willl solve the fundamental problem.

First, what are the problems?  I then want to look at how various organisations are tackling these – which I don’t think will shift current trends for years. And then I will outline my own thoughts on how organisations can tackle this problem now – there are ways, particularly in banking.

Cybersecurity skills problem is getting worse

CSO Online does an annual survey into cybersecurity skills.  In the 2018 cybersecurity skills survey, not only do cybersecurity skills continue to be the largest problematic skills shortage, but the problem is getting worse, year on year.  In 2013, 23% of the global respondents said their organisation had a problematic shortage of cybersecurity skills – by 2018 this was more than half of all organisations, at 51%.

The impact of cybersecurity skills shortage is increasing

It is probably obvious, but still needs saying.  Because organisations cannot recruit the skills they need, pressure on existing staff is increasing and critical tasks are being pushed down to people who haven’t got the experience needed.

A research report out in December 2017, The Life and Times of Cybersecurity Professionals, by the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) gives insights to the problem.

63% of respondents said cybersecurity skills shortage has increased the workload for existing staff, 41% have had to hire junior personnel instead of more experienced professionals, and 41% said cybersecurity professionals spend a disproportional amount of time on incident response and not enough time on planning and strategy. Not surprisingly, cybersecurity professionals do not have time to continuously learn in their job despite agreeing that it’s essential in order to prevent cyber attacks.

This means that many cyber security professionals are a step behind the hackers and fighting fires rather than proactively strategising how to mitigate future attacks.

How is the cybersecurity skills shortage being addressed?

Do a search on this subject and there is no doubt people across the world are scratching their heads and trying wide-ranging activities.  But they will not address this problem for years

How can we fill the cybersecurity skills shortage now?

Cybersecurity is a people problem, not a tech problem. In an earlier blog on The growing shortage of cybersecurity talent, I argued that we need to think outside the box and need a new model of cybersecurity skills at leadership level.

What are the real issues of cybersecurity?  Why is it a people problem?

This blog on the 9 common security vulnerabilities hackers exploit lists them as: mobile phones with ‘admin’ as their password, out-of-date patching, and weak email credentials and phishing.  These aren’t IT issues – they are poor employee practices.

So now to the solution.  And I focus here on the banking industry, where I have particular experience but the principles apply to every sector.

We need to recruit senior bankers who are comfortable with technology, to run cybersecurity.

What is happening at the moment is that some poor IT person tries to explain to the CEO the risks he (or she) is trying to address and the actions and budget they need. The language used is about IT – he can’t translate this into the language of the board to explain the scale of the issue and the investment or action needed.  He doesn’t do it in terms of the legal, commercial and technical aspects – or the risks to the chief executive’s job.

Bankers will look at the bigger picture – those who are used to technology will be able to understand the broad issues and can top up knowledge with specific cybersecurity training. But what they then have is the ability to translate technology into commercial language and risks.  And above all, they then know how to communicate and influence within the business – from board level to operational employees.

And it is this business head plus influencing skills that will make the difference to managing cybersecurity, reducing levels of risk and responding better when issues do arise.

Yes, we still need more people with practical tech and IT skills – but getting senior business people to manage the function is what will make the biggest impact at the fastest speed.

Banking on the Private Cloud: The Pros and Cons
Thursday, 10 May 2018 08:21

Banking on the Private Cloud: The Pros and Cons

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

Did you ever imagine there would be a time when a CEO could lose their job or bonus due simply to a technical issue? In the past week, the CEO of TSB, a major UK bank has come under intense personal pressure to relinquish his bonus and potentially step down from his role. The reason: Somebody messed up the transfer of customer records from the legacy system into a new location.

Read more…

When and Why Clouds Go Wrong
Tuesday, 03 April 2018 09:56

When and Why Clouds Go Wrong

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

Have you ever stopped to consider just how many of the technologies in our lives (and in our businesses) depend on public cloud computing?

Would your enterprise operations be affected if there were a cloud outage? How about your home life?

Read more…

The growing shortage of cybersecurity talent – how bad is it?
Monday, 26 March 2018 13:56

The growing shortage of cybersecurity talent – how bad is it?

Written by Metin Mitchell

This year I am delighted that we have launched our cybersecurity practice to help our clients address one of their most critical issues, that of assessing and sourcing cybersecurity talent.

Read more…

Saudi women – inspiring, leaning in and driving change
Tuesday, 20 March 2018 09:31

Saudi women – inspiring, leaning in and driving change

Written by Metin Mitchell

I have just finished attending the Women in Leadership Economic Forum in Riyadh and come away full of enthusiasm and optimism for what is going on in Saudi Arabia and the future for its very bright women.

Read more…

Does diversity drive innovation?
Tuesday, 13 March 2018 09:08

Does diversity drive innovation?

Written by Metin Mitchell

I am delighted to be on a panel next week, at the WIL Economic Forum in Riyadh, speaking on ‘Diversity drives Innovation – here’s why it works’. 

Read more…

2018 Trends in Hacking and Cybersecurity
Monday, 05 March 2018 09:35

2018 Trends in Hacking and Cybersecurity

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

According to a survey last year (the Fortinet Global Threat Report 2017), over 90% of organizations had experienced at least one attack that used a vulnerability that was over 3 years old. In that same report, it mentions that almost no attacks at all rely on zero day* threats.

Read more…

Two Thirds of Middle East Bank CEOs at Risk of Losing Jobs According to Metin Mitchell Research
Wednesday, 14 February 2018 10:30

Two Thirds of Middle East Bank CEOs at Risk of Losing Jobs According to Metin Mitchell Research

Written by Metin Mitchell

News release
14 February 2018

Two thirds of bank chief executives (71%) in the Middle East could be at risk of losing their jobs because they are not managing cybersecurity risks effectively.

Read more…

71% of Middle East bank CEOs at risk of losing their jobs
Monday, 12 February 2018 12:43

71% of Middle East bank CEOs at risk of losing their jobs

Written by Metin Mitchell

It used to be said that the only certainties in life were death and taxes. To this grim list a third is now added: you will be victim to a cyberattack. No company, no organization, no individual is immune.

The quickest way for a CEO to lose his or her job is to be ill prepared for an attack. How well a CEO prepares and how well their team deals with a cyberattack will all determine whether the CEO gets to keep their job when the bank is attacked.

Read more…

Is there really a cybersecurity skills shortage?
Monday, 29 January 2018 12:59

Is there really a cybersecurity skills shortage?

Written by Raef Meeuwisse

Guest blog by Raef Meeuwisse, passionate about cyber, AI, keynote speaker, CISO consultancy and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.

In this blog, I want to provide some valuable insights into the reasons that some firms struggle to obtain the cybersecurity skills they need, where others seem to have no challenge drawing in the right expertise.

Read more…

Cyber security – where is the skills gap in organisations?
Wednesday, 17 January 2018 13:02

Cyber security – where is the skills gap in organisations?

Written by Metin Mitchell

I was delighted to see a recent survey that young adults in the UAE are more likely to consider a career in cyber security than their peers elsewhere in the world. While it is heartening that the world – and especially the UAE – is waking up to the issues and the skills we need, it got me thinking about how cyber security careers are developed and a gap that I don’t believe is being addressed.

Read more…

How to mitigate the risks of cyber security through contingency planning
Tuesday, 02 January 2018 13:11

How to mitigate the risks of cyber security through contingency planning

Written by Angelos Christidis

Cyber security has become one of the hottest topics for leadership teams – both in terms of the risks from breaches and the skills needed to manage and address cyber security, which few leaders have. Rumi Contractor, in his blog Cyber Security – getting it right in the boardroom sets out the issues that boardrooms face. As we start the New Year, I want to help executives understand how they can mitigate against threats that put their company assets at risk.

Read more…

Page 1 of 4