By Sunil Sharma
Over the last year, and the last few months especially, stories of organisations crippled by ransomware attacks, and cloud security issues among others dominated the news headlines. At a time when remote working and public cloud usage soared, cybercriminals leveraged this to launch attacks that demanded six-seven figure ransoms.
The India edition of EY’s Global Information Security Survey Report (GISS) 2020 found that 53% of organizations experienced a cyber breach in the 12 months gone by. Despite that, in a report commissioned by us, we found that 97% of Indian IT managers felt that security expertise could be improved within their organizations. While there has been a significant rise in the awareness around cybersecurity, and the adoption of solutions, the buck does not stop there. Adopting next-generation cybersecurity solutions and processes, is just the first step towards protection from attacks.
The real challenge lies in having the right talent on board to combat new age threats, which are advancing as we speak. At the cusp of this revolution, hiring and training staff to be able to meet the requirements of the day is a topmost priority. Hence organisations must have a strong team with the following skills in place, to fully protect their interests.
- Black hat thinking
They say if you want to make a home or office burglar-proof, hire the best-known thief. Similarly, when working in the cybersecurity space, it is important to think like a hacker. With the number of cyberattacks increasing day by day, being able to anticipate an attack is often more useful than working on damage control afterward. Penetration thinkingis a great skill to master, towards taking a proactive approach in the cybersecurity space.
- Intrusion detection/Firewall /IPS/IDS skills
Backdoor codes and powerful Trojans will always be looking to steal confidential data by breaching authentication layers. In this case, having not only a strong intrusion detection software but also a technologically savvy resource can potentially save a company millions.
A next-generation firewall is a must security solution to have. However, one also needs skills that help to leverage a firewall to prevent unauthorized access to the network and filter its traffic. A strong knowledge of Intrusion Prevention Systems (IPS), and Intrusion Detection Systems (IDS), and its co-relation with firewalls, will also a long way in helping to stop an attack before it can happen.
Additionally, being certified in all these technologies can fetch one a high paying job, in addition to becoming a valuable resource to the cybersecurity universe at large.
- Application security development
As cyberattacks become more brazen, there’s never been a better time to build on application security development skills. One must be able to enhance the security of any given application by identifying, fixing, and preventing its vulnerabilities from being exposed. Additionally, as an expert in this space, testing, and validation of software during its development lifecycle is crucial to be completed before an application can be deployed.
- Critical thinking
While seemingly obvious, it is important to note that the key to being a cybersecurity practitioner is having a critical thought process. Foresight, analytical thinking, and a strong understanding of how hackers exploit a system is a must-have skill, to thrive in the industry. And while it can take years to hone, even a little intuition on the part of the resource can go a long way.
With cyber threats coming from supply chain attacks, phishing emails and software exploits, vulnerabilities, insecure wireless networks, and much more, it has caught the attention of the Government of India. In the Union Budget 2020, the setting up of a specialized cyber forensic university was proposed, along with plans to set up 150 higher education institutes that would cater to the skills gap in the cybersecurity sector. Will government initiatives, along with heightened awareness, and potential of cybersecurity as a career bridge this gap? Only time will tell… but India is certainly on the right track.
(The author is Managing Director- Sales, India & SAARC, Sophos and the views expressed in this article are his own)