日期 : 2016年1月15日
機構 : 國際信息系統審計協會(中國香港分會)
作者 : 國際信息系統審計協會(中國香港分會)
Cyber crime is on the rise and organizations are beginning to realize that being attacked is not a matter of if, but when. According to the State of Cybersecurity: Implications for 2015 study conducted by global IT association ISACA and RSA Conference, 82 percent of the 649 cybersecurity professionals surveyed expect attacks against their organizations this year. Additionally, a recent HKCERT report shows that the total number of security events in Hong Kong in the second quarter of 2015 increased by 99 percent, reaching a record high since the second quarter of 2013.
A cybersecurity breach can be devastating both reputationally and financially. According to security research firm Ponemon Institute and authentication tech provider Duo Security, it takes organizations an average of 45 days to recover from a data breach—at a cost of US $35,414 per day. In other words, organizations typically lose more than US $1.5 million from a single breach.
Governments around the world are realizing the impact of cybersecurity incidents and are responding with requirements and expectations to create a more secure cyber environment. Several regulations and pieces of legislation have been enacted in Hong Kong, including regulations by the Ministry of Public Security and the State Council and a draft of the first cybersecurity law by National People’s Congress. These efforts demonstrate the need for both public and private sectors to play a role in creating a more secure cyber future.
“The importance of cybersecurity is rapidly becoming clear, due to the evolution of the cyberthreat landscape and the increasing cyber dependency of the public and private sector,” said Christos K. Dimitriadis, Ph.D., CISA, CISM, CRISC, international president of ISACA and group director of Information Security for INTRALOT. “Governments are revisiting their cybersecurity strategies and realizing the need for strengthening public-private cooperation, information and knowledge sharing, critical infrastructure protection, as well as investing more in addressing the global need for skilled cybersecurity professionals.”
Yet, while government agencies and enterprises recognize that cyber crime is on the rise and attackers are becoming more sophisticated, most organizations are ill-equipped to deal with the problem. The ISACA/RSA study found that 35 percent of organizations cannot fill open cybersecurity positions with qualified, capable security professionals who are skilled in handling complex threats and can understand the business. Of those who can find candidates, 53 percent of said that it often takes up to six months to fill a cybersecurity job opening. Organizations are coping with a shallow talent pool of cybersecurity professionals, which leaves them without the resources they need to successfully protect and defend against the inevitable threats. Worryingly, the skills shortage is getting worse. Nearly two million global cybersecurity professionals will be needed by 2017, according to the National Cybersecurity Institute at Excelsior College (USA).
Filling the gap caused by a shortfall of qualified security practitioners requires new thinking and a holistic approach to cybersecurity. As cybercriminals and hackers become increasingly sophisticated, so must enterprises’ security strategies. It is critical for enterprises to invest in both the people and the programs they need to develop a skilled workforce and a robust cybersecurity initiative. Organizations need to reshape cybersecurity training and ongoing professional development. With the frequency of attacks growing exponentially, organizations need to be confident that candidates have the right skills and knowledge to address cybersecurity incidents from their first day on the job. Now is the time for enterprises to ramp up their cybersecurity workforce.
This is good news for jobseekers and individuals looking for a rewarding career: the silver lining to the looming cybersecurity crisis is the tremendous opportunity to build a career path in the field. Now is the time for individuals to join a profession that is in demand, adds measurable value to organizations and is recognized for its contributions. Hong Kong recruiting agency Robert Walters reported that salaries will reflect the demand for IT talent in Hong Kong: “Due to the intense competition for specialist IT talent, professionals switching between permanent roles will likely command salary increments of 15-18 percent while IT contractors can expect a 15-20 percent increase.”
The good news for both organizations and individuals is that there are places to turn to for help. To help close the skills gap and build a qualified cybersecurity workforce—and to help individuals advance their careers. Some renowned security organizations offer resources on cybersecurity including knowledge sharing and training. These resources help prepare those looking to enter the cybersecurity field, those currently working in cybersecurity and those seeking to make a career change to serve in a highly sought-after cybersecurity role.
The cybersecurity threat landscape is daunting, but there is a tremendous opportunity for both companies and individuals to differentiate themselves as leaders in this space. Organizations need to strengthen security strategies and invest in the people and programs that will help them protect one of their most valuable assets—their information. They need to instill a culture of security awareness, and, they need to invest in and develop a trained cybersecurity workforce that has the right skills and knowledge to address cybersecurity incidents. Companies that do all of these things effectively will truly set themselves apart.
At the same time, cybersecurity professionals need to pursue hands-on training to keep their skills sharp, as adversaries develop new technical and creative tactics for attack. And for those looking to enter the cybersecurity profession, now is the time. The critical need for cybersecurity talent has created a door that is wide open and leads to a successful career.