Jobs and the Future of Work

We won't win the online security war without people power

Utkarsh Sanghi, a security engineer at Google, works in a hallway during the Black Hat USA 2014 hacker conference at the Mandalay Bay Convention Center in Las Vegas, Nevada August 6, 2014. REUTERS/Steve Marcus (UNITED STATES - Tags: SCIENCE TECHNOLOGY POLITICS BUSINESS) - GM1EA870JJ201

Organizations need to remember that people, as well as technology, can provide solutions to cyber-threats. Image: REUTERS/Steve Marcus

Kevin Taylor
President, Asia-Pacific, Middle East, Africa, BT
This article is part of: Annual Meeting of the New Champions

It’s estimated that two-thirds of people online – more than 2 billion individuals – have had their personal information stolen or compromised, and a business falls victim to a ransomware attack every 40 seconds. The threats are changing constantly, and there’s an acceleration in the production of new attacks, especially those that regularly evolve to evade security controls that can’t keep up. The Emotet malware, for example, changed the links or attachments being used to deliver the virus up to 24 times a day. And 99% of malware is used for less than one minute.

Faced with such a range of threats, it’s easy to focus on technology investment. Firewalls, anti-virus, malware detection, DDoS protection and every other kind of technology to try to prevent a potential breach.

Intelligence is vital

In the face of a rapidly changing threat landscape, security teams can be overwhelmed by the volume of data being picked up by a raft of security monitoring tools.

But a tool is nothing without the analyst sat in front of it. By drawing out abnormalities based on intelligence, analysts can then examine the threats, understand them and move quickly to mitigate risks.

That’s not to say that investing in IT security isn’t important. But the escalation in cybersecurity threats has created an unprecedented need for individuals with skills, talent and experience. Indeed, there will be a global shortfall of 3.5 million cybersecurity jobs by 2021.

There are three areas where organizations can help develop the necessary skills:

1. Security awareness

Security is becoming more personal, with organizations starting to understand the bigger role that individual employees must play in helping to strengthen their organization’s cybersecurity.

People are often the weakest link in the security chain: clicking that all-too-tempting prize-winning hyperlink on an email, leaving the fire-exit propped open for the pizza to be delivered during a night shift or revealing trade secrets to your fellow passengers during the journey home.

A lot of managers still struggle to “sell” the benefits of security training by failing to bring the consequences of a cyberattack to life. We continue to see people told to attend awareness courses without any engagement or real understanding of why it matters to them.

But that doesn’t make awareness programmes redundant. By making security awareness everybody’s job, you can often not only help protect your organization, but also your employee’s home life and that of their families and children, too.

By rewarding good behaviours, investing in people, training them and creating processes that change how they behave on an ongoing basis, your employees can be your biggest security asset.

2. Grassroots education

As we face a significant skills shortage in the future, it’s vital that together we help create the next generation of cyber defenders now.

From supporting National Cyber Security Awareness Month, the annual campaign to raise awareness about the importance of cybersecurity, to offering secondary schools free cybersecurity lesson plans or talks from security experts, organizations can provide structured ways of helping to attract more skilled workers into the security industry.

There are also opportunities such as Cyber Security Challenge UK, a series of national competitions, learning programmes and networking initiatives designed to identify, inspire and enable more people to become cybersecurity professionals.

Apprenticeships are also a fantastic way to overcome the skills gap. The results aren’t immediate, but with time, apprenticeships provide you with a steady influx of skilled, educated and specifically trained security workers.

3. Retaining skilled staff

A massive 97% of organizations have concerns about security skills, and two-thirds have trouble retaining the security staff they do have.

So once you have recruited skilled individuals, how do you keep them interested?

Those who have the right skills often command significant salaries, pricing them out of the market for all but the top organizations. Security experts want exciting opportunities and to work on stretching and pioneering assignments. They can get bored easily and need new experiences to keep them keen, so sometimes money isn’t the only factor in retention.

One of the ways to retain skilled staff is through development plans, specially designed to help them succeed in their job and make progress in their career. Offer them internal coaching, external training and practical support.

You can also make sure your security experts, especially "ethical attackers", those who attack your own defences to identify weaknesses, have the time to be creative. By giving them time to come up with new ideas of how they’d target you, you can then mitigate the risks and protect yourself.

Security is about more than technology

Security isn’t just about technology. It’s also about the people, partnerships, intelligence and expertise you need to stay one step ahead in the security race.

By putting people at the heart of protecting what matters most, you can stay ahead of the changing threat landscape.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Digital Communications

Related topics:
Jobs and the Future of WorkCybersecurity
Share:
The Big Picture
Explore and monitor how Digital Communications is affecting economies, industries and global issues
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

Investing in a more age-inclusive workforce can help us navigate demographic shifts

Kate Bravery and Mona Mourshed

December 20, 2024

How global corporations can support migrant workers

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum