The dangers of going it alone with cybersecurity

Despite an estimated increase of around 19.9% in cybercrime last year, half of all UK businesses still have just one person in charge of managing cybersecurity, according to UK Government figures.

Mark Skelton, CTO and VP of CANCOM UK&I, believes this purely ‘DIY’ approach to cybersecurity is now irresponsible for businesses within today’s ultra-connected environment. In the below viewpoint. He argues that the current growth in the frequency and sophistication of cyberattacks has made the pressure on in-house IT teams untenable and that businesses should seriously evaluate their need for external support.

If 2020 goes down in history as the year that shifted the priorities, goals, and needs of businesses across every sector, 2021 should go down as the year of learning, evaluation and growth. This year and beyond, there are many learnings for businesses to consider and challenges to overcome. A key priority must be cybersecurity and how it is managed – which is a challenge considering that many organisations don’t really know what they need in today’s fast-evolving threat landscape, whilst others despite using ‘a proliferation of’ cybersecurity tools, are still being hacked, and are simply overwhelmed.

Recent research shows that 63% of CISOs have observed an increase in the number of cyberattacks, whilst a HISCOX study found that one in six businesses that were attacked in the last year went under. The UK Government has also reported that four in ten businesses (39%) were victims of cybersecurity breaches or attacks. These are incredibly worrying statistics for business leaders and employees, who are being targeted more than ever.

As companies look ahead and construct plans for the best way to conduct business, post-pandemic, it is crucial to evaluate the best cybersecurity posture for individual business needs – with the following key considerations as part of this decision-making process.

Growing pressures on in-house IT teams

Virtually overnight, the role of an IT support team changed from a role committed to a certain set of circumstances, in one place, to a dispersed, varied minefield of new tech issues that needed to be handled remotely. With many teams that were fully virtual over the pandemic now set to move to a hybrid working mode, this diverse IT support role will only continue to expand in terms of role requirements, with smart meeting rooms and increased reliance on mobile devices putting more pressure on teams.

Put simply, IT teams are unsustainably stretched – which the numbers only back up. According to UK Government figures, half (50%) of all businesses have just one person managing or running cybersecurity in-house; even among large businesses, the average cyber team comprises just two to three people. Defending businesses against increasingly sophisticated cyber threats is an incredibly demanding task; as a result, teams struggle to stay on top of important security practices such as vulnerability management and 24/7 network monitoring.

Business leaders must evaluate the capacity of IT teams and stress-test for when things go wrong. How long would it take an IT team to spot a breach, for example? Would this time put many of the team offline and affect business operations? Downtime is highly costly for businesses, with estimates of a loss of income at more than £4,000 per minute, dependant on company size and outage time. That’s why the speed of detection is what many customers are now focussing on; however, few companies have 24×7, always-on security professionals at hand that can swiftly detect and remediate. And this slow response time can cost businesses crippling amounts, especially when it comes to large-scale attacks. The significant ransomware attack on the Irish health service’s computer systems just last month is estimated to cost more than £850,000 in terms of reversing the damage.

Businesses need experts who truly understand threat intelligence and the difference between false positives and real threats – and this expertise needs to run across a company’s entire technology stack. But this expertise is tricky for many organisations to acquire in house, especially given the high salaries of cybersecurity professionals.

Maximising cyber budgets

Developing the correct cybersecurity and ensuring staff have the knowledge to stay abreast of the latest technologies and threats – with training and ongoing education – is an investment that must be carefully managed.

To identify, deploy and update several best-of-breed technologies into one comprehensive security position takes time, effort and continuous resources. This is why many under-resourced CISOs, CTOs and technical managers opt for smarter, security-as-a-service alternatives. Security consulting and managed services aim to take a proactive approach, learning from threat intelligence and the customer base, to help customers stay in step with the changing threat landscape.

The growing IT skills gap

A recent report from the UK Government showed that a large proportion of non-cyber organisations have staff who carry out IT security functions on purely an informal basis; only 7% of businesses even had this responsibility formally written into the job description. The Government has also formally identified a cybersecurity skills gap in the UK, which clearly marks the pressing need for more cyber skills training across the board. Encouragingly, there are some steps being taken to address these skills shortages; in the recent Queen’s speech, new funding options for training were announced for upskilling workers and filling knowledge gaps. However, it stills falls to organisations and their in-house teams to do much of the heavy lifting.

READ MORE:

The cyber threat landscape is constantly evolving, meaning that managing cybersecurity requires specialist knowledge and skills that must be continuously refined and updated to reflect the complex threat landscape. Finding time for in-house staff to undertake dedicated security training is often difficult, particularly if it falls within the remit of already-stretched IT teams. To limit the risks posed to both businesses and the well-being of IT staff, effective cybersecurity and risk management requires dedicated professionals that are specifically trained, able to continuously identify new threats and maintain digital resilience across your entire organisation – from your infrastructure, your apps and data, to your network and endpoints. By outsourcing security, businesses can gain access to a breadth of specialised, honed knowledge, as well as an external viewpoint and fresh perspectives, which are essential when making any changes in or additions to IT infrastructure as businesses grow. And, above all, as we adapt to a new way of hybrid working and finally find our way out of lockdown, businesses must avoid making the same mistakes of 2020.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Mark Skelton

Mark Skelton, CTO at CANCOM UK, heads up its Professional Services division with overall responsibility for the UK’s technology strategy. Mark is an expert in digital transformation, workplace transformation and hybrid IT strategy.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...