All
Cybersecurity skills gap increases to 2.9 million globally
https://cybersecureforum.co.uk/wp-content/uploads/2018/10/Skills-Gap.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gNew research shows a widening of the global cybersecurity workforce gap to nearly three million across North America, Latin America, Asia-Pacific (APAC), and Europe, the Middle East and Africa (EMEA).
The 2018 (ISC)² Cybersecurity Workforce Study (formerly the Global Information Security Workforce Study) is based on feedback from a sample of professionals responsible for securing their organisations around the world.
It includes IT/ICT staff within organisations ranging from large enterprises to small businesses who may or may not have formal cybersecurity roles but do have hands-on responsibility for securing critical assets every day – spending at least 25% of their time on such activities.
Key insights revealed in the study include:
- Of the 2.93 million overall gap, the Asia-Pacific region is experiencing the highest shortage, at 2.14 million, in part thanks to its growing economies and new cybersecurity and data privacy legislation being enacted throughout the region
- North America has the next highest gap number at 498,000, while EMEA and Latin America contribute a 142,000 and 136,000 staffing shortfall, respectively
- 63% of respondents report that their organisations have a shortage of IT staff dedicated to cybersecurity. 59% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
- 48% of respondents say their organizations plan to increase cybersecurity staffing over the next 12 months
- 68% of respondents say they are either very or somewhat satisfied in their current job
- Women represent 24% of this broader cybersecurity workforce (compared to 11% from previous studies), while 35% are Millennial or Gen Y (compared to less than 20% from previous studies)
- More than half of all respondents globally (54%) are either pursuing cybersecurity certifications or plan to within the next year
Some of the biggest career progression challenges respondents reported are:
- Unclear career paths for cybersecurity roles (34%)
- Lack of organisational knowledge of cybersecurity skills (32%)
- The cost of education to prepare for a cybersecurity career (28%)
The four areas cybersecurity pros feel they will need to develop most or improve on over the next two years in order to advance in their careers include:
- Cloud computing security
- Penetration testing
- Threat intelligence analysis
- Forensics
“This research is essential to fostering a clearer understanding of who makes up the larger pool of cybersecurity workers and enables us to better tailor our professional development programs for the men and women securing organizations day in and day out,” said (ISC)2 CEO David Shearer, CISSP. “We will share these powerful insights with our partners in government and the private sector to help establish the programs necessary to advance the cybersecurity profession. By broadening our view of the workforce to include those with collateral cybersecurity duties within IT and ICT teams, we discovered that professionals are still facing familiar challenges, but also found striking differences compared to previous research, including a younger workforce and greater representation of women.”
Download the full study at www.isc2.org/research.
NCSC deals with 1,100 cyber attacks in first two years
https://cybersecureforum.co.uk/wp-content/uploads/2018/10/NCSC-Cyber-Attacks.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gThe National Cyber Security Centre (NCSC) has defended the UK from an average of more than 10 attacks per week in the two years since it was set up.
The NCSC, a part of GCHQ, has published its second Annual Review, which highlights the sustained threat from hostile state actors and cyber criminals.
Since it became fully operational in 2016, the NCSC’s cyber security front line has helped to support with 1,167 cyber incidents – including 557 in the last 12 months. The report reveals the majority of attacks against the UK are carried out by hostile nation states.
The Annual Review gives detail about the tactics used by the NCSC’s Incident Management team, who work behind the scenes to co-ordinate defences to support UK victims when attacks do get through.
For the first time, the NCSC is giving a glimpse into the work against the ongoing cyber threat in a podcast, “Behind the scenes of an incident”, which features interviews with a range of staff who defend the UK from cyber attacks.
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: “As the minister with responsibility for overseeing the implementation of the National Cyber Security Strategy, I am proud of what NCSC has achieved in just two years of operations.
“Our National Cyber Security Strategy set out ambitious proposals for how this Government will defend our people, deter our adversaries and develop UK capabilities to ensure we remains the safest place to live and do business online.
“NCSC has more than risen to this challenge, defending the UK from over 1,100 cyber attacks and reducing the UK’s share of global phishing attacks by more than half.”
The NCSC takes a proactive approach to securing the UK’s online defences. The Active Cyber Defence (ACD) initiative aims to protect the UK from high-volume commodity attacks that affect people’s everyday lives.
Since its launch, ACD has reduced the UK’s share of visible global phishing attacks by more than half; from 5.3% to 2.4%. Between September 2017 and August 2018, the service has removed 138,398 phishing sites hosted in the UK.
Ciaran Martin, Chief Executive of the National Cyber Security Centre said: “I’m extremely proud that the NCSC is strengthening the UK’s defences against those who seek to harm us online.
“We are calling out unacceptable behaviour by hostile states and giving our businesses the specific information they need to defend themselves. We are improving our critical systems. We are helping to make using the Internet automatically safer.
“As we move into our third year, a major focus of our work will be providing every citizen with the tools they need to keep them safe online. I’m confident that the NCSC will continue to provide the best line of defence in the world to help the UK thrive in the digital age.”
Earlier this year, the government’s flagship cyber security conference, CYBERUK, was held in Manchester and attracted 2,500 delegates.
Following the success of CYBERUK 2018, the NCSC will widen its geographical footprint in year three as Scotland will, for the first time, host the 2019 event. Government and industry professionals will gather in Glasgow, one of the first UK cities to get 5G internet, on 24 and 25 April to share cyber security best practice in the face of complex problems and threats.
Director GCHQ, Jeremy Fleming said: “In just two years, the NCSC has become a world leading organisation. I’d like to thank everyone at the NCSC for the outstanding work they do every day.
“Whether that’s thwarting the growing cyber threat from hostile nation states, providing excellent incident management services to large and small businesses, or pushing the boundaries of research and innovation, the NCSC operates on the front line of efforts to keep us all safe online.”
The Annual Review 2018 can be reached here and you can also listen to the NCSC’s first podcast – behind the scenes of an incident.
Security IT Summit 2019 – Secure your free place
https://cybersecureforum.co.uk/wp-content/uploads/2018/08/Meeting-2.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gSecure your free place at the Security IT Summit – it takes place on July 2nd 2019 at the Hilton London Canary Wharf and is an unmissable event for cyber security professionals.
It will provide you with a rare full working day of networking, learning and connection building – plus cost-saving cybersecurity solutions.
In short, the Security IT Summit will enable you to lay the groundwork for your organisation’s cyber security strategy.
And what’s more, the Security IT Summit is completely FREE to attend as our VIP guest – benefits include:
– A personalised itinerary of meetings with solution providers who match your project requirements
– Attendance to a series of seminar sessions hosted by industry thought leaders
– Informal networking with peers
– Lunch and refreshments provided throughout the day
You’ll be joining 65+ other senior IT security professionals, and the the industry’s most trusted solution providers.
Among the delegates attending the last Security IT Summit were representatives from Arcadia, British Red Cross, Barclays PLC, Cancer Research, Fenwick, Financial Ombudsman Services, GE Capital, John Lewis, London Stock Exchange Group, Marshall Motor Group plc, Moonpig, Nationwide, O2 Telefonica, Pret A Manager, Prudential, The Guardian, Vodafone, Yorkshire Housing and more.
Register for your free place here.
Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.
To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.
Do you specialise in Employee Security Awareness solutions? We want to hear from you!
https://cybersecureforum.co.uk/wp-content/uploads/2018/10/Employee-Awareness.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gEach month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – in November we’re focussing on Employee Security Awareness solutions.
It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.
So, if you’re a Employee Security Awareness specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.
Here are the areas we’ll be covering, month by month:
November – Employee Security Awareness
December – Malware
For information on any of the above topics, contact Stuart O’Brien on stuart.obrien@mimrammedia.com.
Reading is UK’s top destination for cybersecurity professionals
https://cybersecureforum.co.uk/wp-content/uploads/2018/10/Reading-Top-Destination.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gA new study has revealed the top UK cities for those working in the cybersecurity industry, measured against a criteria of salary levels, affordability, job availability and sector growth potential.
Reading came out top of the rankings, followed by Leeds, Cardiff, Edinburgh and Manchester, according to data pulled together by cyber security training outfit, Crucial Academy.
The research makes for interesting reading (no pun intended) against the backdrop of the perceived skills gap within the UK’s cybersecurity community, and beyond – the Information Systems Audit and Control Association (ISACA) estimates a global shortage of 2 million cyber security professionals by 2019, according to the UK House of Lords Digital Skills Committee.
In August, research from Databarracks revealed only 56 per cent of UK firms believe they have sufficient cybersecurity skills in-house to deal with the numerous threats they are facing, according to new research.
Databarracks questioned over 400 IT decision makers in the UK as part of its 10th annual, survey in order to understand their views on a series of issues relating to IT security and business continuity.
And 12 months ago the UK Government said it was “acutely aware” of the need for more skilled cyber security professionals working within the sector, and that it was embarking on a series of initiatives to help promote the profession.
Discussing the concern with members of UK technology industry body TechUK, Matt Parsons, head of cyber security skills at the Department for Culture, Media and Sport (DCMS) said at the time: “We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale.
“Using what we have learned, we are planning to scale up and look at how we can support the cyber security industry – and get more people in at a quicker rate.”
Neil Williams, CEO of Crucial Academy, said: “The cyber security skills gap is a growing issue across the UK. Every city in the ranking is a tech hub within its own right, however, it is fascinating to see which cities, based on these factors, may be more attractive to the much-needed talent pool of cyber security professionals.”
Tom Marcus, an MI5 veteran who works with Crucial Academy, said: “Cyber security is one of the most serious issues UK business faces today. For young people leaving education, ex-military people looking to transition to civilian life or those looking for a career change, there is no career no more Brexit-proof than cyber security.”
NCSC outlines case against Russian military hackers
https://cybersecureforum.co.uk/wp-content/uploads/2018/10/Russian-Hacking.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gIt says the attacks have been conducted ‘in flagrant violation of international law’, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds.
The statement came as part of a joint message coordinated with the likes of the US and France.
Specifically, the NCSC says cyber attacks orchestrated by the GRU have attempted to undermine international sporting institution WADA, disrupt transport systems in Ukraine, destabilise democracies and target businesses.
It says the campaign by the GRU shows that it is working in secret to undermine international law and international institutions.
The Foreign Secretary, Jeremy Hunt said: “These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.
“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens. This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.
“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”
The statement from the NCSC used the strongest language possible, saying: “Given the high confidence assessment and the broader context, the UK government has made the judgement that the Russian Government – the Kremlin – was responsible.”
The body says the GRU are associated with the following names:
- T 28
- Fancy Bear
- Sofacy
- Pawnstorm
- Sednit
- CyberCaliphate
- Cyber Berkut
- Voodoo Bear
- BlackEnergy Actors
- STRONTIUM
- Tsar Team
- Sandworm
Get ready for the Security IT Summit 2019
https://cybersecureforum.co.uk/wp-content/uploads/2018/08/Meeting-2.jpg 960 640 Stuart O'Brien Stuart O'Brien https://secure.gravatar.com/avatar/81af0597d5c9bfe2231f1397b411745a?s=96&d=mm&r=gThe Security IT Summit will take place on July 2nd 2019 at the Hilton London Canary Wharf – and it’s your gateway to the best cybersecurity products and services the market has to offer.
The event will provide you with a rare full working day of networking, learning and connection building – plus cost-saving cybersecurity solutions.
In short, the Security IT Summit will enable you to lay the groundwork for your organisation’s cyber security strategy.
And what’s more, the Security IT Summit is completely FREE to attend as our VIP guest – benefits include:
– A personalised itinerary of meetings with solution providers who match your project requirements
– Attendance to a series of seminar sessions hosted by industry thought leaders
– Informal networking with peers
– Lunch and refreshments provided throughout the day
You’ll be joining 65+ other senior IT security professionals, and the the industry’s most trusted solution providers.
Among the delegates attending the last Security IT Summit were representatives from Arcadia, British Red Cross, Barclays PLC, Cancer Research, Fenwick, Financial Ombudsman Services, GE Capital, John Lewis, London Stock Exchange Group, Marshall Motor Group plc, Moonpig, Nationwide, O2 Telefonica, Pret A Manager, Prudential, The Guardian, Vodafone, Yorkshire Housing and more.
Register for your free place here.
Or for more information, contact Emily Gallagher on 01992 374085 / e.gallagher@forumevents.co.uk.
To attend as a solution provider, call Chris Cannon on 01992 374096 or email c.cannon@forumevents.co.uk.