Cyber crime is a threat that is growing all the time. Every year, attackers get more sophisticated and come up with new ways of breaching network security defences. As a result, security professionals are in a constant arms race with criminals to protect their systems and safeguard the wider business.
Therefore, demand for cyber security roles and professionals with expertise in this area is higher than ever. But how is this threat evolving, and what skills will firms need to counter these attacks?
The growing threat of cyber crime
Cyber crime has become a leading concern for companies of all sizes, and the threat has been growing rapidly in recent years.
In fact, business insurance firm Allianz found that in 2020, this was rated the number one threat by risk management leaders, with 39 per cent of professionals naming it as a leading issue. By comparison, in 2013, the same survey found only six per cent of respondents rated it as a risk, placing it just 15th on the list.
Meanwhile, the UK government's Cyber Security Breaches Survey 2021 also shows more firms are coming under attack, with larger enterprises particularly at risk. It found:
- 39 per cent of businesses overall reported cyber security breaches in the previous 12 months.
- 64 per cent of large businesses and 65 per cent of medium-sized firms experienced a breach.
- 27 per cent of firms experience attacks at least once a week
- 35 per cent of businesses reported negative impacts from these attacks, such as data or financial loss, or the cost of new systems to protect firms in the wake of an incident.
It also found that new ways of working in the wake of the Covid-19 pandemic have opened up many opportunities for cyber criminals to take advantage. Trends such as remote and hybrid working, which are here to stay in many companies, make it more difficult for IT pros to protect their systems from attack as the number of endpoints grows.
At the same time, several key activities are being overlooked. For instance, the survey revealed:
- Fewer firms are deploying security monitoring tools than in 2020 (down from 40 per cent to 35 per cent).
- Fewer businesses (83 per cent vs 88 per cent in 2020) have up-to-date malware protection.
- Fewer businesses (78 per cent vs. 83 per cent) have set up network firewalls.
- Almost a third of large enterprises (32 per cent) have laptops running unsupported versions of Windows.
Key cyber crime trends firms must deal with
While many attacks are becoming more sophisticated, lower barriers to entry allow more criminals access to the technologies they need to target businesses.
The National Crime Agency, for instance, reports: "The scale and complexity of cyber attacks is wide-ranging. 'Off the shelf' tools mean that less technically proficient criminals are now able to commit cyber crime, and do so as awareness of the potential profits becomes more widespread."
Meanwhile, Verizon's 2020 Data Breach Investigations Report found 86 per cent of breaches are financially motivated, while 55 per cent come from organised crime. Among its other findings, it revealed:
- 45 per cent of breaches involved hacking
- 22 per cent of breaches were caused by errors
- 22 per cent were the result of social engineering attacks
- 17 per cent involved the use of malware
- Eight per cent were the result of misuse by authorised users
This highlights how attackers can use a multitude of tactics to get access to business systems and data.
Whether it's direct attacks such as SQL injections, taking advantage of misconfigurations or zero-day vulnerabilities, ransomware, or phishing attacks, cyber security professionals will have to be aware of a wide range of potential attack vectors.
The costs of failing to protect business systems
The consequences to businesses of failing to tackle cyber crime threats are higher than ever, both in terms of direct financial losses and wider reputational damage.
For instance, IBM and the Ponemon Institute's 2021 Cost of a Data Breach report found that the last 12 months had the highest average cost in 17 years, with firms in the UK facing costs of $467 million (£3.38 million) per breach, up from $3.9 million in 2020. There are several factors that contribute to these losses, including:
- Direct lost business as a result of downtime
- Investigation and forensics activities
- Customer churn due to lost reputation and trust
- Notification requirements
- Customer compensation and regulatory fines
However, costs can vary widely. The most expensive breaches are typically those that involve the loss of personally identifiable information (PII), so protecting these records must be an especially high priority. Indeed, IBM noted each lost record containing customer PII costs a firm $180, and as these are included in 44 per cent of breaches, these expenses can quickly mount up.
The key roles businesses need
To avoid these consequences, it's vital businesses have skilled and experienced cyber security personnel to build and maintain defences, as well as respond to threats in progress.
However, this continues to be a challenge for many firms. According to research from the Information Systems Security Association, 70 per cent of organisations suffer from a skills shortage in this area.
Meanwhile, the EC-Council has highlighted the most in-demand cyber security job roles among employers in 2020, which include:
- Ethical hacker
- Security analyst
- Penetration tester
- Digital forensic analyst
- Security software developer
- Chief information security officer
- Security architect
Therefore, anyone with skills and experience in these roles is likely to find there are great opportunities out there to advance their careers. If you're looking for a new challenge or a change of role, find cyber security jobs today to take the next step.