The European Cyber Resilience Act

On 15 September 2022, the European Commission published its proposal for a new Regulation that sets out cyber security related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).

Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. The CRA introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software.  The rules seek to ensure that: (i) connected products and software placed on the EU market are more secure; (ii) manufacturers remain responsible for cyber security throughout a product’s life cycle; and (iii) consumers are properly informed about the cyber security around the products that they buy and use.

 

Such products suffer from two major problems adding costs for users and society:

    1. A low level of cyber security, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them.
    2. Insufficient understanding of, and access to, information by users, preventing them from choosing products with adequate cyber security properties or using them securely.

While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cyber security. In particular, the current EU legal framework does not address the cyber security of non-embedded software, even if cyber security attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.

Two main objectives were identified aiming to ensure the proper functioning of the internal market:

    1. Create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and that manufacturers take security seriously throughout a product’s life cycle.
    2. Create conditions allowing users to take cyber security into account when selecting and using products with digital elements.

To combat these growing cyber security costs and address vulnerabilities, the Commission notes four specific goals for the Cyber Resilience Act:

    1. To ensure manufacturers improve the cyber security of covered products throughout the whole life cycle.
    2. To create a single, coherent framework for cyber security compliance in the EU.
    3. To increase the transparency of cyber security practices and properties of products and their manufacturers.
    4. To provide consumers and businesses with secure products ready for use.

Torquil Macleod, Director and Founder of Via Resource states, “many of the essential cyber security requirements simply mirror good practice and therefore many companies will not have significant work to do in this regard. The only two complex pieces are:

    1. Working out which type of conformity assessment products may require and producing/updating a raft of policies, procedures and other documentation required by the CRA.
    2. Reporting obligations under the CRA will add burden to companies already facing reporting requirements under data protection law, the NIS Directive and other sector-specific legislation. Reporting obligations placed on distributors and importers may also create tension in the supply chain and during contract negotiations as manufacturers will undoubtedly be nervous about distributors and importers reporting products’ potential vulnerabilities to market surveillance authorities.”

What about the UK?

As the UK is no longer a member of the EU, it will not be bound by the new rules. However, the UK is in the process of passing a similar piece of legislation called the Product Security and Telecommunications Infrastructure Bill (PSTIB). The PSTIB is currently at the report stage in the House of Lords, meaning that the Bill has almost completed its legislative passage. The PSTIB includes a power for the Secretary of State to specify security requirements relating to relevant connectable products and places obligations on manufacturers, importers and distributors about those security requirements. Sanctions for non-compliance with the PSTIB are similarly high, up to the greater of £10 million or 4% of worldwide revenue over the most recent complete accounting period.

The Regulation will impact a broad range of parties in the technology supply chain, who should consider how the additional cyber security requirements will impact their manufacturing and distribution processes. Whilst most of the obligations will come into effect 24 months after entry into force, manufacturers will only have twelve months to comply with the CRA’s reporting obligations.

60% of global leaders struggle to recruit cyber security talent due to a skills shortage

80% of organisations suffered one or more breaches that could be attributed to a lack of cyber security skills and/or awareness. It’s no secret that companies are facing a huge cyber security talent shortage. Unfortunately, speaking about the cyber security skills gap has not increased the cyber workforce and will not. Most cyber security professionals (95%) believe the skills gap has not improved over the past few years, and nearly half (44%) believe it has gotten worse, according to research from the Information Systems Security Association (ISSA).

Cyber Magazine reported there are around 1.1 million people employed in cyber security in the US; however, there are over 700,000 unfilled positions currently available. Worldwide, the cyber workforce shortfall is approximately 3.5 million people.

The Fortinet 2022 Cybersecurity Skills Gap Global Research Report found that 60% of global leaders struggle to recruit cyber security talent and 52% struggle to retain qualified talent. 67% agree there is a shortage of qualified cyber security candidates, which creates risks for their organisation. 76% of boards of directors now recommend increases in IT and cyber security headcount, and 88% report that their board now asks questions specifically about cyber security.

To understand the four main reasons why cyber security leaders see a skills shortage within their organisation, see our article on this: 87% Of Cyber Security Leaders See A Skills Shortage Within Their Organisation.

Organisations making a difference

    • Microsoft launched a national campaign within the US community colleges to help place 250,000 people into the cyber security workforce by 2025, representing half of the country’s labour shortage.
    • Google ran a full-page ad in The Wall Street Journal stating they are training 100,000 Americans for vital jobs in data privacy and security, through the Google Career Certificate program.
    • IBM is training 150,000 people in cyber security skills over the next three years, and they will partner with more than 20 historically black colleges and universities to establish cyber security leadership centres to grow a more diverse cyber workforce.

Four ways organisations can address the cyber security skills gap

There’s no way to bridge the cyber security skills gap overnight, but organisations can start making progress today by doing the following three things:

    1. Tap into underrepresented communities.

Having a diverse and inclusive workplace is important not only ethically but also for improving employee morale, boosting innovation, and enhancing business success. Therefore, prioritise outreach to overlooked communities, where you can educate members of these communities on the incredible variety of opportunities in cyber security and show them how they can join the workforce. We have set out practical steps that organisations can take to embed diversity and inclusion in the workplace.

    2. Build skills primarily in-house

Organisations can tap into a much larger pool of workers if they relax job requirements and instead plan on building cyber skills internally by providing training, education, and certification support for new employees to help get them up to speed. Enable new graduates and people transitioning from other careers that have an interest in and capacity for cyber security to learn and grow.

    3. Support your existing talent

Burnout is rampant today at many organisations. Especially when there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met. Here are some strategies for supporting your existing workforce so they’ll be less likely to leave:

    • Whenever feasible, automate routine tasks — especially those that are repetitive and boring or high stress. This helps reduce your labour needs and gives your employees interesting, lower-stress work to do.
    • Consider using managed security services, particularly for off-hours monitoring, analysis, and incident response. Small organisations may want to outsource most of their security services altogether to reduce their need for dedicated cyber security staff and instead train their IT personnel to also handle occasional cyber security tasks.
    • For particularly stressful or demanding positions, consider the possibility of job rotation. An example is rotating security operations personnel to a non-operations position after 12 or 18 months. This can help prevent burnout and allows people to build additional skills, making them more valuable to your organisation.
    • When your employees are taking time off, sick leave or otherwise, let them be off work. Everyone needs a break from work; expecting employees to keep checking in with work while they’re off – and especially being on call or performing operational support — is unfair to them and will certainly foster resentment. This may be a major culture change for your staff but it’s likely to be well worth it, both for retaining existing staff and for attracting new employees.

    4. Working with a specialist recruiter

As the cyber security market continues to grow, there remains a constant need for exceptional cyber professionals and, as such, the market has continued to have a constant flow of new positions. Utilising a specialist cyber security recruiter has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.

Candidate Journey and Demand

Via Resource also dived into the UK Cyber Security market to understand the level of demand for good candidates and whether the skills gap does exist. We had the opportunity to speak first-hand to candidates to find out their views on how the recruitment process has changed and to establish what candidates find attractive in employers and job opportunities. Overview of the results:

    1. How candidates apply for a new role

Cyber security professionals apply for roles in a mixture of ways, with LinkedIn being the most popular channel: 96% of the candidates initially discover jobs or perform job-related research via this channel. Using a recruitment consultancy comes second; 45% of candidates reported finding unadvertised cyber security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate their salary package with potential employers, as this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include Indeed (31%), company website (31%), using their own network (18%), Jobsite (16%) and Total Jobs (16%).

    2. What candidates look for in their role

We asked cyber security professionals to rank the most important things they look for in a new role. The sequence is as follows:

    1. Remuneration
    2. Job Title
    3. Job Benefits
    4. Career Progression
    5. Job Responsibilities
    6. Skills
    7. Training

Even with training being of the lowest importance to candidates, 94% of candidates surveyed would be happy to take on additional training to learn skills.

The Cyber Security Skills Gap And How To Attract Candidates

If you are looking for your next cyber security employee, get help from the experts. Hiring Cyber Security professionals can help you store and protect your valuable business information and ensure it is secure and backed up in the event of a breach or cyberattack. This is where Via Resource can help to build your highly functional security team.

Penetration Testing in 2023: Key Trends and Challenges

As enterprises start preparing to put the chaos of 2022 behind them and focus on 2023, it is imperative to understand one aspect that cannot be “put behind.” Penetration testing remains a fundamental aspect that organisations should not overlook. Nobody can predict how cyber security will evolve since it is continuously changing, but some trends are becoming more apparent. Here are some new trends that are probably going to be more common in 2023.

Penetration Testing Trends

1. Remote and hybrid work culture

Remote work culture has enabled flexibility for employees and organisations, with a positive impact on productivity. However, it has increased the need for cyber security teams, who must scan all networks, including company laptops and mobiles that are in different locations. This opens multiple entry points for malicious threats: if they penetrate one device, the whole network is compromised.

2. Penetration testing tools

The use of manual as well as automated tools in penetration testing has significantly increased recently. Every organisation uses at least one such tool. These tools can cover a broad range, including SQL injection, port scanning, password cracking, and more. You can carry out complete Web Application Pen testing with the help of pen testing tools. Most respondents who use these tools say that comprehensive reporting is the primary feature they would like to have in pen testing tools.

3. Penetration testing is becoming Artificial Intelligence (AI)-Centric

Artificial intelligence (AI) can counteract attacks or cybercrime by determining patterns of behaviour that indicate something unusual may be taking place. Significantly, AI means this can be done in systems that have to cope with hundreds of events taking place each second, which is usually where cyber criminals will try to strike. It is the predictive power of AI that makes it so useful here, which is why more and more enterprises will be investing in these solutions as we move into 2023. Attackers are also using this technology to make their attacks more sophisticated and more damaging to your IT systems. It sometimes becomes difficult to identify such attacks, let alone mitigate them. You can counter this situation by adding AI algorithms to your penetration testing process, which can help to determine critical cyber security risks.

4. Inclusion of machine learning

Machine learning can potentially make all cyber security processes more proactive, including web application pen testing. It makes the process simpler, more effective, and less expensive. Integrating machine learning algorithms into the pen testing process can help forecast and react to active attacks in real time. Applying ML techniques becomes easier with each run, as the model learns from previous executions and takes less time in every consecutive test.

5. Rising ransomware threats through Crypto

Ransomware is increasing in frequency and has the potential to cause damage like never before. It involves cryptography techniques to seize data and online assets of the organisation until the ransom is paid. The ransom is in the form of untraceable cryptocurrency. Phishing is typically used to deploy ransomware to trick the victims. User awareness along with updated penetration testing techniques is what you need to mitigate these threats.

6. Cloud-Services Attacks

Both remote and on-site workplaces now lean heavily on cloud services. Remote work has heightened cloud security concerns, yet the threats extend beyond the move to distributed employees. Threats include API vulnerabilities as well as traditional software issues. Flaws in the configuration and integration of one cloud service, including authorisation and authentication, can bring about broader issues. For instance, cyber attackers are leveraging vulnerable PaaS (Platform as a Service) products to extend the reach of their ransomware or malware. The rewards of the cloud are sometimes enough to outweigh the threats. Using a programmatic approach, a company can reduce the threats of increasing cloud operations and build a foundation for a safe and sound future.

7. The Rising Threat of Ransomware

New research by PwC revealed that technology executives anticipate increasing ransomware attacks in 2023. Ransomware usually involves infecting devices with malware that locks files away behind strong cryptography and threatens to destroy them unless a ransom is paid, generally in the form of untraceable cryptocurrency. Alternatively, the attackers may threaten to publish the data, leaving the company liable to massive fines.

Ransomware is typically deployed via phishing attacks, where workers of an organisation are tricked into offering details or clicking a link that downloads the malware or ransomware onto a system. Currently, however, direct infection via USB devices by people who have physical access to devices is becoming ever more common. Education is a highly effective means of tackling this risk, with research revealing that employees who are aware of the threats of this kind of attack are nine times less likely to fall prey.

Penetration Testing Challenges

The Core Security Penetration Testing Report shows significant challenges. When asked about their top security concerns, respondents named:

    • Phishing (80%)
    • Ransomware (68%)
    • Misconfigurations (57%)
    • Password quality (55%)

Ransomware: an urgent concern

A paramount concern in 2023 is ransomware, which has dramatically increased, with ransomware attacks primarily initiated using phishing emails. According to research from the Malware Report, the average ransom from these attacks was $220,298, with the average cost for data recovery and malware removal due to a ransomware attack being $1.85 million globally.

The Impact of remote work

The last two years have dramatically impacted work dynamics, with companies worldwide announcing a permanent move to remote or hybrid models. Security professionals see new challenges and a shift in priorities, where IT departments cannot verify how users manage their home networks, potentially opening them up to outside threats. Cyber security professionals can identify and account for vulnerabilities by running more network security tests.

Use of penetration testing tools

The Penetration Testing Report saw all respondents use at least one tool or software to perform their tests, including SQL injection, port scanning, password cracking, and more. As such, security professionals tend to leverage various tools to ensure their needs are covered.

Most respondents (78%) use free and commercial pen testing tools, with free open source tools alone at only 11%, showing that organisations have devoted a budget to the software necessary to keep their data and networks safe.

Penetration Testing is integral

Penetration testing remains a crucial aspect of an organisation’s security strategy, and businesses have increased their security budgets, recognising and responding to the increase in threats. Leveraging the right tools along with regular and thorough penetration testing is the best way to ensure a reduction in security risks for organisations and their end-users.

 

Nobody knows what the future holds for cyber security, and several verticals are still working out how to safeguard their networks amid the pandemic’s uncertainty and confusion. But these recent trends and challenges give us a glimpse of what we might expect in the upcoming years. IT security administrators, software developers and penetration testers will be in heavy demand for decades to come.

 

Information and Cyber Security 2022 wrap up

Last year we made five predictions on how 2022 would pan out. Below we go through these trends to see how they played out.

1. Ransomware

We predicted an increase in ransomware, and ransomware attacks are still amongst the top growing threats in the cyber security industry. The damage they can cause to a business is immeasurable, affecting the organisation’s finances, its reputation, and the operation of the business. 91% of security leaders are now regularly reporting on ransomware to the board.

In the UK, Gov.uk has shown that in 2022, 39% of businesses identified a cyber-attack, the same as in 2021. However, it is suggested that less cyber mature organisations in this space may be underreporting.

The Sophos State of Ransomware Report 2022 delves into ransomware statistics specifically and found that UK organisations managed to block 43% of ransomware attacks before data was encrypted, which was above the average of 35%. For successful attacks, around 13% of companies went ahead and paid the ransom demanded by cyber criminals. This was below the global average (26%). While only a small portion of companies paid the ransom, ransomware attacks can still be very expensive to fix. The average cost for UK organisations was $1.08 million. However, this is still a substantial decrease from the $1.96 million reported in 2021.

We have looked into some of the recent cyber-attacks and threats that CISOs need to keep a close watch on for the remaining part of 2022 and beyond.

2. Cyber Insurance

Cyber insurance is crucial for enterprise risk management, but it’s quickly becoming unaffordable, just as we predicted. Premiums are increasing rapidly, and new research shows that 82% of insurers believe that prices will continue to rise for the next two years.

Panaseer’s 2022 Cyber Insurance Market Trends Report saw the largest ransom pay-outs by insurers in the last two years average £3.26m in the UK and $3.52m in the US. Increasingly sophisticated threat actors and costly ransomware attacks are having the biggest impact on rising premiums. 89% of insurers believe it would be valuable to have direct access to customer metrics and measures proving the status of their security controls.

3. Cyber Workspace

The US ranked number one for the number of coworking spaces globally (3,762), with the UK third (1,044). It is predicted that five million individuals will be using coworking spaces by 2024, and 13% of businesses outside the US are using shared workspaces in 2022. However, it is hard to determine how many security breaches have arisen from coworking spaces.

Working from home: Remote work has increased the average cost of a data breach by $137,000. Email phishing attacks were the most common source of data breaches while working from home (48%).

4. IoT Security

There has been an increase in IoT technology: in 2021 there were more than 10 billion active IoT devices, and by 2030 the number is predicted to surpass 25.4 billion. By 2025, it is predicted that 152,000 IoT devices will be connecting to the internet every minute.

Ring (an Amazon-owned company) had two incidents: the first for accidentally revealing user data to both Facebook and Google via third-party trackers embedded in its Android application, and the second an IoT security breach in which cybercriminals successfully hacked into several families’ connected doorbells and home monitoring systems.

IoT devices carry a lot of vulnerabilities: they lack the computational capacity for built-in security, and there is limited budget for developing and testing secure firmware. IoT has evolved rapidly over recent years, connecting technology, driving business insights, powering innovation, and improving people’s lives. But as IoT solutions become more prevalent in society, cyber criminals have found new opportunities to exploit the lack of built-in security currently associated with IoT devices.

5. Job Market

Over the past year, the demand for cyber security professionals has increased by 60%. Many industries are seeing an acceleration in digital transformation and remote working, resulting in an increased risk of cyber-attacks. However, most cyber security decision-makers are struggling to recruit due to a shortage of skilled professionals, according to new research. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.

Tor Macleod, Founder at Via Resource, states, “Employers and recruitment agencies consider the cyber security labour market an increasingly candidate-driven market, with a greater average number of vacancies per firm this year, and a greater proportion of these vacancies being hard to fill.”

Information and Cyber Security Job Descriptions

Information and cyber security are fast becoming one of the most important roles in the tech sector as cyber criminals and hackers become ever more sophisticated. As cyber-attacks grow in frequency and scale, it’s more important than ever for your organisation to install a strong team of information and cyber security specialists. To attract stellar candidates in this fast-growing field, you need a compelling job description that clearly outlines your information and cyber security requirements, along with expectations for the specialist role.

We have seen that crafting a compelling job description is essential to helping you attract the most qualified candidates for the role you are recruiting for. With more than 20 million jobs listed on Indeed, a great job description can help your jobs stand out from the rest. Your job descriptions are where you start marketing your company and the role to your future employees.

The key to writing effective job descriptions is to find the perfect balance between providing enough detail so candidates understand the role and your company while keeping your description concise.

Need help writing a job description for a specific role? With over 12 years of experience in the information and cyber security sector, we have seen many successful and unsuccessful job descriptions. We have compiled our top job descriptions for you to download and use for free.

Information and Cyber Security Job Descriptions

Sales and Marketing Job Descriptions

When completing your job description, bear in mind that many companies don’t know the true value of their talent: they might dramatically overpay external candidates or advertise job roles with salaries that will never attract top-level candidates. Via Resource goes through numerous postings every day, so we know the industry average for any given position and can factor in other elements such as location. We have also published our salary guides. In addition, we are in a unique position to negotiate salary expectations with candidates so companies will always end up paying a fair and competitive wage to their employees.

If you want to stand out in competitive talent markets, here at Via Resource, we help growing businesses reach their ideal candidate profiles, engage effectively, and make meaningful hires. Working as an extended member of your team, we’ll help you promote your roles and brand in a way that ensures you stand out from the crowd.

Get in contact with Via Resource now for support on your next Information and Cyber Security hire.

Why The CISO Is Crucial to Your Company’s Cyber security

The cost of a breach is at an all-time high of $4.35 million, according to IBM’s Data Breach report. It’s crucial that cyber security threats be treated as business risks that can significantly impact a company’s bottom line, rather than a siloed IT team issue. Cyber security is truly a team sport, which means everyone in an organisation is responsible for mitigating it.

A Chief Information Security Officer (CISO) is a top-level executive whose role is to ensure an organisation’s business information security is adequately protected and enhanced. Do you think your organisation requires one?

What is the role of a CISO?

The CISO is a top-level executive whose role is to set up and sustain the organisation’s strategy, mission, and system to guarantee that the business information security of an organisation is adequately protected and enhanced. The role of a CISO is to supervise security technologies, respond adequately to incidents, design suitable standards and controls, and manage the formulation and execution of policies and processes. There is a difference between a CISO and a Head of Infosec: a Head of Infosec tends to remain a little more hands-on and could be a better fit for SMEs, whilst CISOs tend to engage with the board and stakeholders. CISOs can communicate effectively with the board, pushing awareness and gaining buy-in.

The role of a CISO is a desirable position since it blends both technical knowledge and managerial proficiencies. Discovering an individual with all these skillsets is often difficult. Discover the vital steps to hire niche talent to help find your next CISO.

Four key signs that your organisation requires a CISO

The History of your Security Breaches

If your organisation has been attacked on repeated occasions in the past, it is a no-brainer that its information security needs to be uplifted. If attackers have been successful in compromising your organisation’s systems and networks, this may mark your organisation as an easy target for future attacks. Even if you think there is no point investing in cyber security given your networks and devices have already been compromised, it is essential that a strong cyber security program is implemented to prevent succumbing to attacks in the future. Hiring a CISO can be an effective way of upgrading your cyber security posture to identify and eliminate any future threats.

Governance, Risk & Compliance

Organisations in certain industries handle and store extensive amounts of sensitive information, for example in the financial industry. This causes them to be heavily regulated and require an extensive and comprehensive cyber security solution compared to regular businesses. If an incident were to occur within these organisations, they could be open to legal repercussions apart from the other financial and reputational impacts of a cyber-attack/data breach. Hence, the cost of a data breach could severely outweigh the cost of hiring a CISO, who can improve an organisation’s cyber security posture tenfold.

Complex Threat Environment

Cyber security needs scale with the size of your organisation. For example, small to medium businesses with minimal employees will have different needs when it comes to their cyber security, compared to larger organisations with thousands of employees and customers. Understanding your organisation’s threat environment should be the first thing you do before you decide to hire a CISO. Depending on the intricacy of your threat environment, your organisation can prioritise its security.

Your current IT capabilities

Another sign that your organisation may require the skills of a CISO is its current IT capability. For example, if your organisation is lacking IT professionals who can effectively deal with security incidents if they were to occur, then your organisation may require the skills of a CISO. Even if your organisation has IT professionals with the technical skills required to deal with cyber-attacks/data breaches, they may be lacking the soft skills like business acumen or leadership to enhance your organisation’s current cyber security posture. A CISO has the soft skills and technical knowledge required to significantly enhance your organisation’s cyber security capabilities.

While you might find that your business needs a CISO, it is not always feasible to have an in-house CISO. Maybe it’s because of the size of your business or budget constraints, but having a full-time CISO might not make sense in the immediate context of your business. In such cases, a part-time or contracted CISO may be a viable solution. If you are looking for a CISO, contact Via Resource to discuss your requirements.

87% of cyber security leaders see a skills shortage within their organisation

Most cyber security decision-makers are struggling to recruit due to a shortage of skilled professionals, according to new research.

A recent report, Cyber Security in Focus, features responses from cybersecurity directors, security operations directors and VPs of product security in EMEA and North America. Of the respondents, 87% admitted they are suffering skills shortages, with over a third (35%) claiming positions were left unfilled after a 12-week period.

60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.

What are the issues?

Hybrid working world

Ransomware attacks and other cyber threats have risen in prominence over the past few years, especially in the wake of the pandemic. Many businesses that had previously worked only in person were forced to quickly shift to e-commerce or remote work setups. With such rapid change, it was difficult to keep up with the IT tasks that go with it, such as making sure every device is backed up, ensuring employees are using secure connections and passwords, and training employees on how to spot a scam before they click on it.

Protecting Your Business In A Hybrid World From Cyber Threats

Cyber-attacks

The latest Cyber Security Breaches Survey 2022 by Gov.uk revealed that 39% of UK businesses identified a cyberattack in the last 12 months, with phishing attempts the most common threat vector (83%). The average estimated cost of all cyber-attacks is £4,200; for medium and large businesses only, the figure rises to £19,400. In addition, decentralised remote working environments increase the impact of data breaches considerably. Organisations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those organisations with 50% or fewer employees working remotely.

Cyber Attacks In 2022

Workforce Gaps

There is a cybersecurity workforce gap of nearly 2.72 million cybersecurity professionals. Although the shortage has been steadily decreasing year over year, a 2021 study revealed that the global cybersecurity workforce needs to grow 65% to effectively protect organisations’ critical assets.

The report also notes that pathways to cybersecurity are changing. While 47% of cybersecurity professionals have an IT background, more than half of professionals got their start outside of IT: 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education and 15% explored cybersecurity concepts on their own.

Among the top reasons why cybersecurity professionals are leaving their jobs are being recruited by other companies (59%), insufficient salary or bonus (48%), limited promotion opportunities (47%), high-stress levels (45%), and lack of management support (34%).

According to the latest ISC2 survey, global skills shortages fell for the second consecutive year in 2021 to 2.7 million, including a shortfall of 377,000 in the US and 33,000 in the UK.

Candidate Journey and Demand

Via Resource also dived into the UK Cyber Security market to understand the level of demand for good candidates and whether the skills gap really does exist. We had the opportunity to speak first-hand to candidates to find out their views on how the recruitment process has changed and to establish what candidates find attractive in employers and job opportunities. Overview of the results:

    • 62% of companies are employing staff who have, or are working towards, a cyber security-related qualification (i.e. higher education, apprenticeships or other certified training)
    • 66% of the cyber sector organisations have tried to recruit someone in a cyber role within the last 3 years (2017 – 2020). These employers reported 35% of their vacancies as being hard to fill
    • Candidates are more likely to apply via LinkedIn and through a recruitment consultant
    • It takes an average of 24 minutes for candidates to fill out one job application
    • After an interview, 73% strongly agree and 37% agree that detailed feedback should be given
    • The top three benefits that are important to candidates are flexible working hours, working from home and health insurance.

The Cyber Security Skills Gap And How To Attract Candidates

If you are looking for your next cyber security employee, get help from the experts. Hiring Cyber Security professionals can help you store and protect your valuable business information and ensure it is secure and backed up in the event of a breach or cyberattack. This is where Via Resource can help to build your highly functional security team.

Benefits of Using an Expert Cyber Security Recruitment Specialist

As the world shifts and everyone spends more time online, Cyber Security as a profession has grown because there is more personal and sensitive data vulnerable to an attack. The rise of Cyber Security has had a huge impact on businesses, as organisations across industries are racing to hire Cyber Security talent to protect their online presence, assets and customer data.

There is a growing need for information and Cyber Security professionals, as most businesses simply can’t afford a data breach. In the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research, and the reputational harm can be incalculable.

As the Cyber Security market continues to grow, there remains a constant need for exceptional cyber professionals and, as such, the market has continued to have a constant flow of new positions. Utilising a specialist Cyber Security recruiter has significant benefits for clients and candidates. In this article, we highlight some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.

Access to job roles that are not promoted online

It is common knowledge that the best roles come from word of mouth. At least 30% of roles are not advertised on mainstream job sites or company websites. Especially in a world where you want to keep your security team and capability as private as possible, there are a significant number of firms who will actively choose to keep new roles quiet and hire a specialist recruiter to approach select candidates instead. If you want access to the most interesting clients and projects, you should use a specialist recruiter.

Client/candidate relationships

Using a dedicated recruiter at Via Resource for your next career move can provide several benefits in helping you land the role you want. A recruiter can steer you in the right direction if you are unsure of where you see yourself, and open you up to new roles you may not have considered that are aligned with your skills and career goals. A recruiter can also guide you to be more selective in the jobs or companies you apply for, drawing on connections in the top FTSE firms. Discover the six ways for getting the most out of your recruiter relationship.

Saving your time

It is an inevitable fact that recruiting takes time and money. From writing specific job descriptions to arranging and doing interviews, it can be a tiring process. But because recruiting is a specialist recruiter’s specialty, they can streamline the hiring process, leaving their client’s HR department to get on with more important aspects of their job.

Probably the most time-consuming aspect of recruiting is the interview process. Not many people want to take days out from their already packed business schedules to interview hundreds of candidates. A major benefit of a specialised Cyber Security recruitment specialist is the ability to shortlist candidates through initial interviews on their client’s behalf. This means the only candidates you will need to see personally will be the absolute top talent.

Acting as salary consultants

Many companies don’t know the true value of their talent: they might dramatically overpay external candidates or advertise job roles with salaries that will never attract top-level candidates. Since Cyber Security recruitment specialists go through numerous postings every day, they know the industry average for any given position and can factor in other elements such as location. We have published our salary guides:

This puts us in a unique position to negotiate salary expectations with candidates so companies will always end up paying a fair and competitive wage to their employees.

Provide expert advertisement

Too many companies end up wasting money (and time!) advertising their open job positions in the wrong places. Although the Cyber Security industry is thriving, if your company is not looking in the right places, it will never find the right candidate. Specialised Cyber Security recruiters know all the ins and outs of job advertisements and will only advertise a vacancy in the places that will secure interviews with top talent.

Attention to diversity and inclusion

Having a diverse and inclusive workplace is important not only ethically but also for improving employee morale, boosting innovation, and enhancing business success. If companies want to secure the most talented Cyber Security professionals, they will need to adopt a new approach to access more diverse talent pools. Here at Via Resource, we conduct the hiring process with this in mind to find the perfect fit for every company and organisation.

Industry insight

The best recruiters ensure that their niche market is something that they are able to understand inside out. Here at Via Resource, it is our personal mission to ensure that, as consultants, we all understand our niche markets, their challenges and sweet spots, to aid both clients and candidates in understanding key job trends at any given moment in time.

These are just some of the benefits of using a specialist recruiter. For any further information, to know the latest roles, work with us to locate your ideal candidate, or simply to hear more about the Cyber Security market, please get in touch with our specialist consultants.

Discover the difference between HR and External Recruiters

Unless you’ve spent time working in either field, it can be hard to realise the differences between human resources and external recruiters and understand the responsibilities of each. Many seem to believe that one is identical to the other or that one can substitute for the other within a firm. However, this is not the case: there are several distinctions between the two and it’s essential to have them both.

1. They have different job functions

While sometimes there are overlaps, external recruiters and HR professionals are usually responsible for completely different processes within a company. In simple terms, recruitment means finding new people to join a certain team, and while HR generalists often have recruiting duties too, HR usually means everything that makes employees stay.

Job roles of a recruiter can include (not limited to):

    • Establishing the specific requirements of the position the organisation needs filled, understanding timelines, and defining specifics of the role – where Via Resource helps provide industry knowledge and a better understanding of what they can achieve in a certain budget
    • Sourcing candidates for the position, reviewing each profile or resume for skills, experience, availability, and culture fit
    • Conducting pre-interviews before passing the profile onto the organisation
    • Introducing the top candidates to the management
    • Supporting management with market knowledge
    • Mediating the offer and acceptance process
    • Constant contact with the management and the candidates throughout the process

Using a dedicated recruiter at Via Resource for your next career move can provide several benefits in helping you land the role you want. If you want to find out the best ways for getting the most out of your recruiter relationship read here.

Job roles of HR can include (not limited to):

    • The onboarding of the new hires – our article here helps discuss how to onboard a remote employee successfully
    • Designing structural procedures that keep employees engaged, motivated, and satisfied
    • Advising on pay, benefits and performance management and opportunities
    • Identifying training needs and programs, as well as recognition systems for high performers
    • Handling any sensitive information, caring for the mental and physical well-being of colleagues
    • Creating and ensuring a fair, respectful, and compliant work environment

2. They interact with employees at different stages

How HR and external recruiters interact with employees is a major distinguishing factor. Although both recruiters and HR professionals deal with people, who they interact with the most is usually not the same.

Recruiters must balance relationships with both employees and candidates. They spend a lot of time interviewing potential candidates outside of the organisation and report to either the manager or HR. External recruiters represent the company and every candidate that made the cut and act as a mediator between the two. They are the first person a newcomer sees as a representative, so it’s crucial they can identify with the core values of the given business.

The HR department, by contrast, starts to interact with people after they are hired. Although they might oversee conducting some of the interviews, they first come into the picture during onboarding. Then, they follow all employees throughout their entire stay at the company. They are responsible for overseeing the progress, satisfaction, and experiences of all employees, making changes according to their wishes and needs, and caring for a healthy and happy environment within the firm.

3. Employment type may differ

There are various opportunities for professionals of both fields when it comes to employment type. There are, however, some tendencies to consider. HR professionals usually work within the organisation. In the case of smaller companies, HR managers are usually hired independently as a one-person department, reporting directly to the management. Their tasks are usually closely tied to the operations of an organisation, so contract-based cooperation is usually not effective.

Recruiters can be hired collectively as an outside entity, in the form of a recruitment agency. Agencies work with various employers on a day-to-day basis, matching people to all the roles that they have available. Usually, bigger companies have in-house teams dedicated to recruiting new talent, but still reach out to agencies like us in many cases, due to extensive experience in the Information and Cyber Security market in several different sectors, and access to a range of candidates giving a unique insight into the landscape of the jobs market.

4. You need them both, but for different reasons

Many companies assume that one person or one team can do both tasks, but because of the distinct workflows and fields of expertise and experience, it’s best to keep them separate. Putting both roles on one person could hurt your company, while eliminating one can result in either lack of growth or toxic company culture. Companies need both roles to succeed in the long run, to oversee all the different areas of business that deal with the most important part of it: its people.

If you happen to need further information on why both HR and recruitment are essential parts of a company or seek guidance in recruiting for a Cyber Security professional, don’t hesitate to contact us or read our other articles covering these topics.

Cyber Attacks 2022

Here at Via Resource, we monitor the reported cyber security statistics and trends that are impacting the digital landscape. Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both the industry and government.

The latest Cyber Security Breaches Survey 2022 by Gov.uk revealed that 39% of UK businesses identified a cyberattack in the last 12 months, with phishing attempts the most common threat vector (83%). The average estimated cost of all cyber-attacks is £4,200; for medium and large businesses only, the figure rises to £19,400.

Below we dive into some of the recent cyber-attacks and threats that CISOs need to keep a close watch on for the remaining part of 2022 and beyond.

Crypto.com

Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on 17th January 2022 and targeted nearly 500 people’s cryptocurrency wallets.

Despite the blockchain being a relatively secure transaction method, the thieves used a simple method to get the job done: they bypassed the site’s two-factor authentication and stole $18 million of Bitcoin and $15 million of Ethereum.

Initially, Crypto.com described the hack as a mere “incident” and denied any theft but clarified the situation a few days later and reimbursed the affected users.

Microsoft

Computing giant Microsoft is no stranger to cyberattacks, and on 20th March 2022, the firm was targeted by a hacking collective called Lapsus$. The group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft, and in the process, they’d compromised Cortana, Bing, and several other products.

The hackers made off with some material from Microsoft, too, but by March 22nd Microsoft announced that they’d shut down the hacking attempt promptly and that only one account was compromised.

Microsoft said that no customer data had been stolen, and Microsoft undoubtedly benefitted from its effective security team – the Lapsus$ group has previously targeted Nvidia, Samsung and plenty of other companies, and the politically-motivated group was already on Microsoft’s radar.

Red Cross

Red Cross (the charity) was attacked in January 2022. An attack on a third-party contractor saw more than half a million records compromised – including documents that the Red Cross classed as “highly vulnerable”.

Ultimately, thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this seemingly political breach, but no culprit has been identified.

Key Findings

Key findings highlighted in Proofpoint’s 2022 Human Factor report include:

  • Cyber criminals recognize that our smartphones contain the keys to both our personal and professional lives. Smishing attempts more than doubled in the US, while in the UK over 50% of lures were themed around delivery notification. In addition, cyber criminals initiated more than 100,000 telephone-oriented attacks a day.
  • High-privilege users are disproportionately targeted. Managers and executives make up only 10% of overall users within organisations, but almost 50% of the most severe attack risk.

Cyber criminals continue to capitalise on global conflicts. Earlier this year, threat actors and APT groups aligned with national interests including Russia’s invasion of Ukraine. In addition, criminals exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.