Resilience is at the heart of information security. As threats adapt and evolve and we accept that systems will be compromised, it is no longer enough just to have strong defences in place. The sophisticated tools and techniques of threat actors will find a way around them. Organisations, their security architecture, systems, policies and strategies need to be resilient, able to cope, recover and, most of all, to learn from incidents.
Our sector as a whole needs to be resilient; human skills and expertise are at the heart of this. We must attract, recruit and retain the talent and skills to tackle new and emerging risks and challenges. We must also embrace diversity in all its forms to find, nurture and train professionals.
The need for more diverse skills
It is the responsibility of every organisation to drive inclusivity and diversity in the industry. We should look beyond the traditional routes into information security and think about other transferable skills and attitudes that can offer so much. These include broader business skills, such as the ability to negotiate, financial acumen and leadership skill, that are increasingly needed as part of a modern-day security team.
It also includes skills from outside the industry, so it is encouraging to see organisations starting to recruit more people from sectors like healthcare, the emergency services, design and gaming.
But resilience goes much further than this. We, as infosecurity professionals, need to be resilient ourselves, developing new skills and, on a personal level, being resilient to the pressures and stress currently facing our industry.
Employee mental health and wellbeing should be an essential consideration for all employers and be part of company culture and organisational values. But perhaps we could do more in an industry that is faced with growing cyberthreats, longer working hours and individuals often having to make up gaps left by under-resourced teams. It’s clear from what we are hearing from our community of chief information security officers that infosecurity professionals are under more pressure than ever before.
But with challenges come opportunities. The industry is undergoing a huge transformation as it embraces new and emerging technologies, such as quantum computing, data analytics and artificial intelligence tools, which can play a key role in enhancing the capabilities of security systems to identify and mitigate risks, and ease the pressure on security teams.
The importance of working together
As an information and cybersecurity community, we can help to keep our world safe and unlock more of the good things that technology promises and delivers. There is no time like the future and, ultimately, it is in our hands. But this goes beyond just the information security industry and out to a wider group of individuals and organisations.
By working together, companies, governments, industry bodies, academia, suppliers and other stakeholders can share their knowledge and intelligence, learn from each other and get ahead of cybercriminals. This need to collaborate and share knowledge has never been more important as new kinds of threats emerge from new breeds of attackers, and we need to stay one step ahead.
Resilience is our conference theme this year, addressing the most relevant and decisive factors in information and cybersecurity in the next five years.
By building resilience across the industry, we can move towards a more secure world and a more secure future.