Hackers are becoming increasingly sophisticated and the cost of cyber attacks is predicted to rise to US$6 trillion by 2021 – from US$3 trillion in 2015 – turning up the heat on security professionals. But as the workload of cyber security teams increases, employees run the risk of becoming overworked and overwhelmed.
A recent study by Goldsmiths, University of London, and Symantec surveyed 3,000 chief information security officers and senior cyber security decision-makers across the UK, France and Germany. It found that almost two thirds (64%) had considered quitting their jobs (64%) or leaving the industry altogether (63%) – a problem for a sector facing a skills shortage. The same study found that just under half of those questioned said they believed their security teams lacked the necessary skills to combat the threats their organization faced.
The issue is exacerbated by tight budgets. Deloitte's 2019 future of cyber survey 2019 found that while digital transformation is moving forward rapidly, risk management accounts for less than 10% of cyber budgets. In the survey, 15% of respondents revealed they were struggling to prioritize cyber risk across their businesses.
The risks are very real and there have been numerous examples of the dangers of failing to protect customer data. In August, for example, the personal information of 317 people applying for Australian visas was leaked after it was accidentally emailed to a member of the public.
So, while it's usually malicious outsiders that we think of when considering cyber threats, often it's people inside a company that are the danger. Verizon's 2019 Insider Trading Report found that 57% of data breaches involved insider threats. It also found that 20% of cyber security incidents and 15% of data breaches were due to misuse of privileges.
Corruption is another issue keeping cyber security teams awake at night. In 2018, Amazon accused several employees of taking part in a bribery scheme that compromised customer data , while AT&T employees were found to have planted malware on the company networks.
Meanwhile, ransomware is on the increase and many of these incidents begin at employee level. Elsewhere, social engineering is happening more and more, and phishing emails have increased by as much as 250%, according to a recent study by Microsoft. Poor password hygiene within companies has also contributed to problems: when employees use easy-to-guess passwords, the information can be used to access company data even when the network is secure.
When faced with all of these challenges, there's a real danger that overworked cyber professionals overlook a crucial detail that leads to a data breach.
Businesses and governments all over the world are already become increasingly aware of the need to keep data secure. According to Deloitte's survey, a cyber-secure future lies in greater collaboration and awareness between businesses and security organizations. And it looks like we're heading in the right direction, with businesses all over the world already taking steps in protecting individuals' data.
Related content: What to do in a data breach