The cyber security skills gap

In February 2020, Dolfin’s COO, Amir Nabi, ran a simulated hack on the organisation’s network. The system proved to be robust, but it was a prescient move, since within just a few weeks our entire workforce would shift to remote working, with all its attendant cyber security challenges. Research by the IT security firm Barracuda Networks found that 46 per cent of organisations across the UK, US, France and Germany have suffered at least one ‘cybersecurity scare’ since the coronavirus lockdown began – unsurprisingly, since many were unprepared for the technical challenges lockdown would present, with 51 per cent saying their workforce was not proficient or properly trained in the cyber risks associated with remote working, and half allowing employees to use personal email addresses and personal devices to conduct company work.

The risk to companies’ data, systems and even cash was compounded by a global cyber security skills gap. According to research by the UK’s Department for Culture, Media and Sport (DCMS), seven in 10 cyber sector businesses have tried to recruit someone in a cyber role within the past three years, and a third of their vacancies were reported as being hard to fill. Across the UK, 54 per cent of businesses lack basic cyber security skills and one in four public sector organisations have just one individual responsible for cyber security.

The people pipeline

The DCMS research was conducted by Ipsos MORI, in association with Perspective Economics and  Steven Furnell, Professor of Cyber Security at the University of Nottingham. Furnell believes that when it comes to cyber security, firms are in a catch-up phase.

“As we have become more reliant on technology, attacks on it have increased,” he says. “And cyber security used to be seen as a role that fell within the IT remit, rather than as a specialist skill. We are in a position now where the pipeline is established, there are degree courses and certifications and people are coming through. But employers want experience – people who can hit the ground running, not new graduates.”

And it’s not just in terms of numbers of qualified professionals to fill vacancies that firms are having to play catch-up. It’s often said that cyber criminals are forever one step ahead of the experts seeking to protect companies’ systems and data.

“Attackers set the agenda in terms of what organisations need to respond to and confront, and the types of attack that are prominent,” Furnell says. “In recent years, we have seen an increase in ransomware attacks, which have the intention of extracting money from the victim, and since the Covid crisis there has been a surge in phishing-related scams – messages claiming to offer information about the pandemic, which exploit people’s anxiety.”

Ready for remote working

“During these unprecedented times, companies have had to adapt and make swift changes in order to continue to run their businesses,” Nabi says. “Dolfin’s IT strategy has always been cloud and hybrid based which greatly helped implement a full migration to a remote setup. Our IT team worked around the clock and successfully rolled-out a 100% remote working environment. However, with such changes, new risks emerge and in some cases security related issues. Dolfin’s IT is continuously reviewing and monitoring their IT systems to ensure new risks are identified and managed appropriately.”

Thanks to thorough preparation before the crisis hit, Dolfin had escaped the initial months of the pandemic unscathed from a cyber security point of view. But other businesses may not be so fortunate.

“Many organisations were unprepared for remote working,” Furnell says. “SMEs in particular were less likely to be prepared, and they now face the same level of threat as larger organisations. However, it remains to be seen how successfully organisations have responded, and many companies that did little in advance are likely to still be racing to catch up.”