Closing the skills gap: how can businesses level up their cybersecurity?
Cybersecurity skills gaps are a serious issue, but external expertise and secure cloud services can help to tackle the problem
For many employees, the shift to home working has removed the need for the daily commute and created a better work/life balance. But employees are not the only ones to benefit from recent changes in the way people work.
Cyber attacks surged during the pandemic as hackers took advantage of increased digital activity, with over 5,200 data breaches confirmed globally in 2021 so far – a sharp increase on the 3,950 reported in the whole of 2020. Given that data breaches often result in significant monetary fines and severe reputational damage, no business can afford to ignore this rise in malicious activity. Yet a survey by Censuswide on behalf of IONOS Cloud, Europe’s leading provider of cloud infrastructure and cloud services, found that over 40% of IT decision-makers believe their business has a cybersecurity skills gap, with a third admitting this gap is putting their organisation at risk of security threats.
Worryingly, a quarter of those surveyed also stated that their organisation is not adhering to necessary legislation. “These statistics are shocking,” says Achim Weiss, CEO of IONOS. “They show how vulnerable organisations could be – both to cyber threats, and monetary fines.”
While the skills gap is a clear issue, many businesses do recognise the importance of cybersecurity, with more than three-quarters of IT decision-makers from across the manufacturing, healthcare and insurance sectors saying it is either the top priority (34%) for their business or within the top three (42%).
However, when asked about cybersecurity risk assessments, there was a real disparity among the responses. Remarkably, only a third of those surveyed have conducted a threat analysis in the past 12 months, while 12% have never conducted one and don’t plan to. This demonstrates a lack of understanding regarding the importance of preventative risk monitoring, which can highlight security issues so they can be addressed before an incident arises.
Failing to identify and resolve these issues can have catastrophic repercussions – particularly given the number of ways that data breaches can occur today. When asked to identify the biggest threats to their business, respondents cited increased DDoS attacks, phishing and scam attacks, employees downloading unapproved apps and employees storing data improperly. So why aren’t businesses doing more to protect themselves from these threats?
“What’s clear from the new insights is that businesses understand the importance of both cybersecurity and data protection, but missing skillsets are leaving organisations extremely vulnerable,” says Weiss. “That’s why it’s vital companies put measures in place to plug these gaps, and don’t hesitate to work with external expertise to ensure businesses are protected.”
Despite any skills gap they might have, eight in 10 respondents to IONOS’s survey still believe they are prepared to handle a cyber attack – largely due to investment in more secure cloud services.
Carefully planned and configured cloud deployments provide scalable, flexible, and secure operations for businesses. External cloud providers, working with IT teams to implement a strategy that is tailored to specific business needs, also offer an extra layer of defence and additional knowledge on ever-evolving cyber threats.
It is essential that senior leaders understand how cloud providers can positively impact data management and cybersecurity. “This awareness allows you to have more informed and considered conversations when choosing external providers, allowing you to work with IT leads to put effective, cohesive strategies in place,” says Weiss.
As well as employing the right external expertise, senior leaders must also work closely with their teams to identify where cybersecurity knowledge gaps exist and create a plan to address them. In fact, a third of those surveyed said that because senior leadership had put more focus on cybersecurity, they felt more prepared to handle a cyber attack.
In addition, “IT teams must feel confident and trust that senior leaders will listen when they raise concerns on how skills gaps are impacting the business,” says Weiss. Biannual planning meetings can provide an opportunity to review skills across the business and get this conversation flowing. Once gaps have been successfully identified, staff can then be upskilled – or new team members hired – to plug them.
It’s important that senior leaders also show a willingness to learn new skills themselves. “Engaging and taking an interest in understanding the impact and possibilities of new tech on the business will show teams that this is a business issue you’re taking seriously,” Weiss explains.
Strong security procedures are essential for adhering to increasingly strict data protection laws. Nearly 60% of businesses surveyed said they are putting more focus on adhering to data protection, compared to before the pandemic. However, 13% are actually giving it less attention, with almost half of these citing time pressures and workload as the main reasons why they struggle to ensure the business is up-to-date with the latest legislation.
Although time constraints are understandable while businesses deal with fallout from the pandemic, few of them can afford to let data protection take a backseat. Indeed, with the Information Commissioner’s Office setting significant monetary fines for breaches to GDPR law, businesses must ensure they are fully aware of compliance procedures and the latest legislative requirements when handling personal data.
“When it comes to data protection, action must be taken to bridge knowledge gaps,” says Weiss. “IT teams are under great pressure to adhere to the latest legislation, but one way to help minimise risk when it comes to data is to work with European-based cloud providers that adhere to GDPR – rather than those that must also work under laws such as the US CLOUD Act.”
Any successful solution to the cybersecurity skills gap must also involve everyone in the business – not just overstretched IT teams. As Weiss says, “While factoring in improved software with better cybersecurity measures is a sound way to protect the business at a strategic level, having open dialogue with employees across all levels means cybersecurity and data protection knowledge is shared and best practices are front of mind at all times.”
To learn more about IONOS Cloud, visit: ionos.cloud/futurecio