Despite organizations building an army of technocrats to protect themselves, cyberattacks haven’t stopped. According to India’s Computer Emergency Response Team (CERT-In), India faced 11.5 million cyberattack incidents in 2021. The cat-and-mouse games between criminal hackers and organizations seem to be never-ending.
The organizations are spending billions of dollars on cybersecurity; as per an article by DATAPRISE, by 2025 the cumulative cybersecurity spending by the industry could touch $1.75 trillion. Don’t think we have a dearth of technologists, who can build world-class cyber products. But, the key question remains unchanged; why doesn’t none of these measures drastically improve the situation? Rather, the situation is worsening with news flashes around ransomware attacks, phishing, state-sponsored attacks, etc. While the market has thousands of security products and services, in my view solution needs to go beyond technology.
Rapid digitization has increased the reach of the internet across the globe. While phones have become smarter, equipping a common person to access the internet anytime and anywhere, cyber awareness hasn’t improved. FTC (Federal Trade Commission) received over 2.1 million consumer fraud complaints last year. Interestingly, one of the studies came out with statistics that only 0.14% of identity theft crimes result in prosecution as it is extremely hard to crack identity theft crimes. No sophisticated widget can save you if you choose to share your OTP with a hacker! Thus, the best way to prevent these cybercrimes is to increase basic cyber education.
The hybrid work model has expanded the threat landscape multifold. Just because hybrid work culture is picking up, does it mean that the insider threat has disappeared? As per the IBM 2019 survey, 31.5% of the cybersecurity occurrences were from malicious insiders, and 23.5% were from non-malicious insiders. Thus, it is time for organizations to think seriously to protect themselves differently in a hybrid work setup.
Cybersecurity talent is still tech-centric. Cybersecurity has always been thought of as a technology problem. Thus, you will find a large number of core techies, who are fantastic problem solvers when it comes technology side of cybersecurity. Technology is just one side of the multidimensional coin. There are other sides, which are even more important.
On the other end of the spectrum, the cybersecurity domain has pure managerial talent, who lack technical or functional cybersecurity knowledge. This isn’t good news either; these skillsets could make good general managers but cannot solve complex cybersecurity problems.
Thus, for a successful cybersecurity transformation to thrive, you will need techno-functional talent. We need people, who can effectively deal with all complexity of cybersecurity- technology, people and processes.
Conclusion: Organizations might outnumber “smarter technical” talent compared to hackers. In a guerilla war, the organized army outnumbers the rebels; the army might have the most sophisticated weapons, which the rebels lack. But, don’t we see a handful of rebels defeat a sophisticated army? Thus, winning the war against criminal hackers go beyond technological strength.