“An alarming 86% of business and IT professionals globally believe there is a shortage of cyber security professionals” – according to the ISACA 2015 Global Security Status Report.
A digital skills gap exists across the entire technology industry within the UK. There is a huge disparity between what a UK business needs in order to prosper online and the digital talent that exists to make this happen. Although issues such as broadband availability and a lack of niche digital skills are certainly of relevance, the biggest focus needs to be on addressing the cyber security skills shortage within the UK. The continuously evolving world of cyber threats means that not enough IT professionals are available to help combat this enormous problem. As soon as experts are trained in the latest security measures, a new type of virus or malware is introduced into the landscape.
The most sophisticated type of cyber threat currently comes in the form of ‘ransomware’. An explosion of ransomware attacks has occurred across the world in the first few months of 2016. This malicious virus has been responsible for bringing down hospitals, schools and many other types of business with its method of hacking and encrypting a user’s files, then demanding money for their release.
UK businesses that do not have adequate cyber security measures in place are leaving themselves exposed and vulnerable to attack. A recent study conducted at SecureData’s customer conference discovered that 97% of those interviewed believed data security to be critical to modern cyber strategy. 92% were in the process of adopting innovative cyber defences, but 33% believed that there would be a delay of up to a year before their business would be fully protected. Of greater concern, 36% suggested that full adoption of cyber security measures would take up to five years to be implemented in their firm.
In the meantime, how are businesses planning to protect themselves from the type of online ruin that can threaten the finances and reputation of a company?
Addressing The Skills Gap
One of the problems in hiring professionals with security skills is being certain that a person’s qualifications and experience are sufficient to match the level of threat that puts a UK business in danger. Through the launch of various initiatives, the UK government has been trying to encourage a greater number of people to equip themselves with cyber security skills. Qualifications such as ISO27001, CISSP, CISM and CLAS are the gold standard of skills that UK businesses require their cyber security staff to hold.
Whilst waiting for an influx of graduates to be trained in the latest cutting-edge security skills, businesses are forced to turn to some typical and even desperate measures in order to protect themselves. Some are investing in the training of their existing technical staff to make them responsible for battling cyber security threats. Others choose to outsource their security management to professionals. However, most controversially, a third of British businesses would consider hiring an ex-hacker to join their organisation.
Ethical Concerns With Hiring A Hacker
It makes sense that businesses would want to hire employees who have the most experience in the world of cyber threats and an ex-hacker would undoubtedly fit this description. Secure Trading, a payments processing firm based in Canary Wharf, has hired Mustafa Al-Bassam, a reformed hacker whose previous credits include breaking into the systems of Fox, Sony and FBI affiliate Infragard. He was arrested as a teenager and sentenced to 20 months in prison. Chairman and founder of Secure Trading, Kobus Paulsen explained in a statement –
“There are very few experts in blockchain technology, and we’re very lucky to have Mustafa on board. By developing this project we hope to use his skills and create technology to help make the world of ecommerce safer for thousands of customers.”
However, employing an ex-hacker in a business environment poses some serious ethical problems. Firstly, it is imperative to consider the customer’s response to the hiring of an ex-criminal to safeguard their personal data. This also raises significant compliance issues, particularly in heavily regulated industries such as the UK legal sector. It is a huge risk to take, particularly as cyber threats in today’s business landscape can easily originate from inside an organisation as well as from an external location.
Surely the only way a UK business can prove to its customers that it has their best interests at heart when it comes to security is to use ‘whitehat’ tactics to contest cyber security threats. Rather than taking the desperate measure of hiring an ex-hacker, it would be best to outsource your security management to a company that specialises in cyber security. By doing so, you will never need to worry about the security skills shortage in your own internal technical teams. Instead, an outsourced IT security team will be qualified and experienced to manage your approach to blocking the latest cyber threats that plague the world.
Our own security team are industry specialists in providing safe and secure IT systems for the legal sector. We have a wealth of experience and access to the latest innovations in security products to help bring peace of mind to your organisation. By outsourcing your security management to our team, you can be assured that you will never be in breach of compliance policies that are set out by the regulatory bodies in the legal industry. If you’d like to know more about how we can develop an IT roadmap for your business, then get in touch today for a free security review.