Here, we’ll take a look at such threats and how organizations can successfully combat the risks they pose towards effective cybersecurity initiatives.
Fatigue from the pursuit of ‘Cyberlandia’ will be felt across teams
Most cybersecurity teams are dreaming of what I like to call Cyberlandia: the optimum state of cyber readiness, with happy employees who feel empowered to face whatever threats they encounter. But, during this pandemic, cybersecurity teams may be feeling like Cyberlandia is an impossible destination. COVID-19 has impacted nearly every aspect of life, and while the year ahead promises a new start and capitalizing on lessons learned from 2020, cybersecurity practitioners will still be expected to defend an even wider attack surface as most organizations continue to conduct business remotely.
To meet these demands, cyber leaders must have a finger on the pulse of organizational well-being. This means leaders should be consistently checking in with their employees (via phone and video calls as employees continue to work from home) to ensure they are empowered to prioritize their own personal and mental health. If employees are worn down they need the flexibility to walk away from work or just dial into their next call as video fatigue flares up. Cybersecurity is filled with frequent high-stress and high-risk discussions. A good leader will know how to disclose this information in an effective way that limits this stress as much as possible in order for teams to overcome the challenges ahead, instead of being crushed by the pressure they can cause.
A growing skills demand can be met with intentional talent development efforts
According to a 2019 (ISC)2 Cybersecurity Workforce Study, the current cybersecurity workforce needs to grow by 145 percent to meet global demand. Fortunately, this year’s crop of talent has already demonstrated their work ethic in a virtual environment under unprecedented circumstances while exercising their skills through practical offerings such as the National Collegiate Cyber Defense Competition (NCCDC). What sets many of them apart from their more tenured counterparts is that they have experienced and successfully performed while facing real-world threats even before earning their degree. It will be key to support these individuals in order to meet the expected skills demand. We still have to face a scarcity of cyber talent and the answer has to be more than bidding wars for the same pool of people. We need to develop the skills of individuals from all backgrounds, traditional and nontraditional, who are curious and think creatively and can address the specialized needs for the depth of expertise that only subject matter experts can address. With the shift to remote work in the face of a pandemic, it means we have to be even more intentional in our talent development efforts.
There will be an urgency to protect against growing cyber threats
As COVID-19 disruptions begin to wane, companies and governments will fast track projects and product releases that have been deprioritized or delayed. Organizations will again redefine their employees’ work patterns of virtual versus in-person work, taking on the risks of both. Nation-states, with renewed capacity and pent-up pressures, will intensify their cyber activities for both intelligence and economic gain. Fortunately, recognition of these changes will drive organizations to confront their risks and begin to take action. With strained budgets and labor pressures, many leaders will see the benefit of shifting to an outcomes-based contracting model, rather than deferring needed cybersecurity investments.
The “at home” work will continue at some level for many companies and combining that with company networks will increase the attack surface yet again. Nation-state adversaries will continue the momentum they gained in 2019 and will intensify focus on our critical infrastructures largely because they remain vulnerable. The Space infrastructure, our communications systems, health care industry, are all at high risk. These adversaries are not afraid to infiltrate our systems located on US soil, and the rising market demand for offensive cyber tools and capabilities has led to more sharing between these nation-states and criminal groups resulting in an increase in both the volume and velocity of attacks.
Consequently, the imperative for us to share more timely and actionable threat intelligence between our public and private sectors has never been greater. Actionable threat intelligence sources provide the tactics, techniques and procedures that can be fed to advanced analytics/ML systems to enable them to detect and predict attack patterns, and target and remediate the malicious cyber actors before they are able to succeed. This is a call for “an all of nation approach” to protect the infrastructures we rely on daily.
Taking aim at such high-pressure situations that will have a direct impact on cybersecurity initiatives will be imperative to an organization’s security posture. The next cyberattack may not be completely avoidable but preparing teams properly and understanding exactly what an impact such preparations can have will help ensure the consequences of such a breach are mitigated as quickly and effectively as possible.
About the author:
